[tor-bugs] #27824 [Applications/Tor Browser]: TorBrowser or NoScript 10 prevents cookies even if cookie exceptions are present
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Feb 10 03:59:44 UTC 2019
#27824: TorBrowser or NoScript 10 prevents cookies even if cookie exceptions are
present
--------------------------------------------+--------------------------
Reporter: joebt | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: Tor Browser, NoScript, cookies | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------------+--------------------------
Comment (by Thorin):
Replying to [comment:2 cypherpunks]:
> Users shouldn't be forced to allow cookies globally, just to login one
site
Cookies are not the problem. All persistent local data of any kind
(cookies, localStorage, sessionStorage, SSL Session IDs, site permissions,
etc) is cleared when you close Tor Browser or get a new Identity. Note:
appCache, indexedDB and serviceWorkers(cache) are not enabled in Tor
Browser.
> Even if session cookies are allowed, third party cookies shouldn't be
enabled by default
There's a *little* thing called First Party Isolation (FPI), read up on
it.
Don't play with your ~~food~~ settings. Be like all the other Tor Browser
users and use the defaults. Also, sites are less likely to break.
It is true that FPI doesn't protect against a repeat visit to a first
party, but the visits are already linked via other means (IP, SSL Session
IDs to name a couple)
Learn some OpSec and use the New Identity button
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27824#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list