#27824: TorBrowser or NoScript 10 prevents cookies even if cookie exceptions are
present
--------------------------------------------+--------------------------
Reporter: joebt | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: Tor Browser, NoScript, cookies | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------------+--------------------------
Comment (by cypherpunks):
In TBB 8.5 & earlier (linux), IF torbutton security slider is default
**"Standard** setting," and in preferences - **"Accept cookies & site
data"** is checked, **then** "Accept third party cookies & site data" is
checked & set @ Always - by default.
With torbutton @ Standard security, when 3rd party cookies are **allowed
Always**, it **toggles** the "privacy.firstparty.isolate" pref to FALSE;
and toggles it to True when 3rd party cookies are set to "Never." Then
lots of **3rd party cookies are set** instantly. I assume 3rd parties'
Site Data is also loaded, but I've not checked it yet.
I suggest that it not toggle the firstparty.isolate pref.
In TBB, same settings as above, but 3rd Party Cookies are = "From Visited
Sites," it still toggles firstparty.isolate = False (shouldn't), but seems
to allow only 1st party cookies. (I haven't checked that on 100's of
sites.)
When firstparty.isolate is False & torbutton security setting = Safer, it
seems to **block** 3rd party cookies when Accept 3rd Party cookies =
Always. Safer setting - good. But, parts of some sites haven't worked in
the past at torbutton Safer setting.
Checked this behavior several times in TBB & regular Fx 60.5esr (Linux)
Both new installs, new profile for regular Fx ESR, no addons installed in
the regular Fx ESR; only default addons in TBB.
Same behavior in both of the ESR flavors, whether TBB is restarted / get
new identity or not. Yes, it'd delete 3rd party cookies, but they'll come
right back unless Accept 3rd party cookies = "Never."
In Firefox 65 (Linux) they've changed the cookie options UI, even from a
couple versions ago. In it, disabling ALL cookie blocking (incl. 3rd
party) does not toggle "privacy.firstparty.isolate" to False.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27824#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
