[tor-bugs] #16779 [Tor Browser]: Just found out that if you use Firefox, by default it lets Google give your browser a unique cookie ID that can never be deleted
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Aug 12 11:58:56 UTC 2015
#16779: Just found out that if you use Firefox, by default it lets Google give your
browser a unique cookie ID that can never be deleted
-------------------------+--------------------------
 Reporter:  cypherpunks  |          Owner:  tbb-team
     Type:  defect       |         Status:  new
 Priority:  major        |      Milestone:
Component:  Tor Browser  |        Version:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+--------------------------
If you installed Firefox, and didn't go to Options > Security and
uncheck both Block Suspect Sites options, Firefox will set a google.com
cookie that survives deletion. Take a look and see for yourself:

Go to Options > Privacy > Remove Individual Cookies, delete the google.com
cookie, then reopen that same menu. It's still there. It's still the same
unique ID. You can delete every cookie, you can "refresh" Firefox to
remove all settings and extensions, you're still getting it back.

Every Google search you've ever done with a single browser profile
(Private Browsing aside, presumably, since it doesn't use the non-private
cookies) has been recorded under a single ID, regardless of what
extensions you use.

This bug ticket was supposedly closed after years of Firefox devs
pretending it's no biggie. Like privacy on the web isn't really a thing.
And yet, I can reproduce it easily in Firefox 39 on both Windows and
Linux.

I don't believe for a second Firefox's devs are stupid enough to buy
Google's "we HAVE to set a google.com cookie for the safebrowsing service,
it doesn't work otherwise" BS. Any alternative domain could have been
used, Google's using google.com for a good fucking reason, to track user
searches.

I feel betrayed by Mozilla, but what I don't get is why I hadn't heard of
this until I discovered it on my own, while browsing my cookie list. Like,
why isn't this a big deal in privacy circles? Why do people discuss
privacy extensions, but not add "of course, all of this is useless for
avoiding Google tracking because they bought a supercookie from Mozilla"?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16779>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online