Delivery-Date: Wed, 13 Jan 2016 05:14:03 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,DKIM_ADSP_ALL,
	DKIM_SIGNED,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 1DD671E0677;
	Wed, 13 Jan 2016 05:14:01 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 9E9E7205A3;
	Wed, 13 Jan 2016 10:13:56 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 062F82047B
 for <tor-talk@lists.torproject.org>; Wed, 13 Jan 2016 10:13:53 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id pyPHWPXdUT4e for <tor-talk@lists.torproject.org>;
 Wed, 13 Jan 2016 10:13:52 +0000 (UTC)
Received: from perdizione.investici.org (perdizione.investici.org
 [94.23.50.208])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "smtp.autistici.org",
 Issuer "Autistici/Inventati Certification Authority" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id D04B42042E
 for <tor-talk@lists.torproject.org>; Wed, 13 Jan 2016 10:13:52 +0000 (UTC)
Received: from [94.23.50.208] (perdizione [94.23.50.208]) (Authenticated
 sender: setthemfree@privacyrequired.com) by localhost (Postfix) with ESMTPSA
 id 32F22121026; Wed, 13 Jan 2016 10:13:48 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=privacyrequired.com;
 s=stigmate; t=1452680028;
 bh=JifbN1PFoocTPZItsnFbU7CCNfSVXQLpoPWlmz25otI=;
 h=From:To:Cc:Subject:In-Reply-To:References:Date;
 b=g6fuiybbNQSg+XZzjQSdBrJ3d7YOgKGER2+a+NfoaHgftSb2MTz7J5tNGxFToYora
 ExmwMGF/yehu7ytbAZGBXZvVRYQRUK8vpFs73UADPi0dCwUr+nSHrE5eeI6Hwg16M4
 aLjwu1QL7IJLuLn6diG96HlIf5kcbTPry3kT24zo=
From: Yury Bulka <setthemfree@privacyrequired.com>
To: Joe Btfsplk <joebtfsplk@gmx.com>
In-Reply-To: <5692E9A9.4030705@gmx.com> (Joe Btfsplk's message of "Sun, 10 Jan
 2016 17:30:49 -0600")
References: <868u3zu5y5.fsf@kitt.localdomain> <5692E9A9.4030705@gmx.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)
Date: Wed, 13 Jan 2016 12:13:46 +0200
Message-ID: <86pox5vlb9.fsf@kitt.localdomain>
MIME-Version: 1.0
Cc: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] What is "cookie protections"?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Thanks for all the info. Yeah, I browse with third party cookies
disabled. Additionally, I use two windows of TBB - one for the few sites
where I stay logged in, and the other, in Private Browsing mode, for
everything else.

Regarding the "cookie protections" menu item, it only shows up in the
Tor button's menu if the "Don't record history" checkbox is unchecked in
Privacy and Security settings.

Joe Btfsplk <joebtfsplk@gmx.com> writes:

> On 1/8/2016 3:17 PM, Yury Bulka wrote:
>> I've disabled the "Don't
>> record browsing history or website data" check box in the Privacy and
>> Security Settings dialog.
>> There's only one potential danger I see here - cookies.
> In Windows TBB, there's a selection "Use custom settings for history."
> The "Remember my browsing & download history" are handled separately
> from "Accept cookies" (separate check box).
>
> At shut down, TBB deletes all site preferences (Exceptions) & cookies,
> regardless if those are unchecked in "Clear history when Tor browser
> closes" settings.  So that no data is saved across sessions.   If you
> want to selectively delete cookies mid session, you'd have to do it
> manually -  (or use various cookie mgr or cache & cookie mgr addons,
> which isn't recommended by Tor Project). Unless just using TBB for the
> added safety, not maximum anonymity - then using (certain) addons
> probably isn't a super bad thing.
>
> I'm not sure (now days) the possibility of some sites sharing data
> from SESSION cookies.  In the old days, 1st party cookies couldn't be
> read / used by other sites.  Unless maybe if 2 sites were owned by
> same people.
>
> In Firefox & TBB, if check "accept cookies," the "accept 3rd party
> cookies" is automatically checked.
> But, TorButton has checked by default, "Restrict 3rd party cookies &
> other tracking data," so it probably ? overrides 3rd party cookies
> being enabled in the TBB Options > Privacy screen.
> Then I'm not sure why TBB automatically check the 3rd party cookie
> box, if "Accept Cookies" under Privacy tab is checked, if the
> TorButton is set to prevent 3rd party cookies.  It's confusing (I
> don't think it should).
>
> Short of using addons to save cookie exceptions or cookies between
> sessions, one could store cookie exceptions in a separate
> permissions.sqlite file - in another location.  If paranoid, encrypt
> it -  then decrypt it & copy to the TBB profile before launching TBB.
>
>
>> This is why I'd like to understand what is the "Cookie protections"
>> dialog about.
>   In Windows TBB, I don't see settings called "Cookie Protections."
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

