Closed Bug 612242 Opened 14 years ago Closed 5 years ago

Cookies are not filterable based off of name

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: admin, Unassigned)

Details

(Keywords: privacy) 

User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.10) Gecko/20100915 Ubuntu/10.04 Firefox/3.6.10
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.10) Gecko/20100915 Ubuntu/10.04 Firefox/3.6.10

The reason this is "Security" is since it allows various unauthorised parties to proxy their cookies through sites users visit and obtain information on users' browsing habits via popular websites without the users being able to opt out.

At the moment the only options are either:
1. Block ALL cookies from that domain
2. Require confirmation every time a site sets a cookie 
3. Allow ALL cookies from that domain

Now, to go over the options I just mentioned:
1 is impossible as it would prevent you from say, logging into the site in question

2 would result in browsing becoming an impossible experience as in Web 2.0 sites tend to set many cookies, (you would be spending more time verifying individual cookies than browsing).

With 3 You'd be obviously tracked by third parties that the site you visited set cookies on behalf of.

Reproducible: Always

Steps to Reproduce:
1. Open Firefox
2. Visit any site with a modern Google Analytics installation (*utm.js or similar being hosted by the website itself) AND that requires a login
3. Inspect cookies
Actual Results:  
Data broker successfully set cookie in addition to the website's own login cookie (even if you have the data broker's domains blocked to set cookies). User will note they will have a cookie with __utm in its name and an ID as its content as a _FIRST PARTY_ cookie.

Expected Results:  
Cookies should be able to be filterable not only on domain but name and perhaps content as well, this would permit people to secure their browsing further and aid to prevent tracking by unauthorised third parties. I must emphasize unauthorized.

The fact of the matter is, per-domain cookie filtering is no longer sufficient as ad and data brokers have webmasters set (and read) cookies on their behalf via the webmaster's site's domain, (which cannot be blocked or it causes session/login problems). 

The endgame of this situation is that cookies have become an important and almost obligatory experience in today's web experience, there really is no more "I do not accept ANY cookies", therefore users must be able to have refined filtering control over those cookies as to EITHER accept or deny based off of more than domain names, domain names come cheap today, but also the other aforementioned conditions. At the moment, as mentioned in the description, users can no longer opt out of these malicious cookies as brokers find more and more inventive ways to install them on user computers without any way for users to opt out.
Keywords: privacy
Hi,

I Agree totally.

In cookies site policy list, we should be able to refine by Cookies Names.
-> in order to select which particular cookies we want to agree on our browser for each site.

I hope this Feature Request will be opt in, as Firefox is experiencing a serious regression bug with cookies at the moment.


Best Regards,
This was requested before (bug 183672, bug 432554) but those bugs were closed (WONTFIX) because this should be done by an addon.

Inspect cookies is gone.

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.