#27824: TorBrowser or NoScript 10 prevents cookies even if cookie exceptions are present --------------------------------------------+-------------------------- Reporter: joebt | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: Tor Browser, NoScript, cookies | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: --------------------------------------------+--------------------------
Comment (by Thorin): Replying to [comment:2 cypherpunks]: > Users shouldn't be forced to allow cookies globally, just to login one site Cookies are not the problem. All persistent local data of any kind (cookies, localStorage, sessionStorage, SSL Session IDs, site permissions, etc) is cleared when you close Tor Browser or get a new Identity. Note: appCache, indexedDB and serviceWorkers(cache) are not enabled in Tor Browser. > Even if session cookies are allowed, third party cookies shouldn't be enabled by default There's a *little* thing called First Party Isolation (FPI), read up on it. Don't play with your ~~food~~ settings. Be like all the other Tor Browser users and use the defaults. Also, sites are less likely to break. It is true that FPI doesn't protect against a repeat visit to a first party, but the visits are already linked via other means (IP, SSL Session IDs to name a couple) Learn some OpSec and use the New Identity button -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27824#comment:3> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs