I think hexbear has them. Is it a connection thing where cookies spot other cookies? Do tracking cookies matter when it comes to insurance and therapy sites/apps? I’m thinking about therapy that I saw advertised on YouTube, and I bet they’re somehow sketchy. And their app requires the use of third party tracking and cookies.

I just don’t want these sites/apps to see I’m a communist.

  • Erika3sis [she/her, xe/xem]@hexbear.net
    link
    fedilink
    English
    arrow-up
    2
    ·
    8 months ago

    This feels like a Renge and Shiori talking about ball physics moment

    I mean, the way I interpreted Lemmygrabber’s comment was that it implied that on other browsers, websites can just read cookies from other websites. So I go to, like, sketchysite.xyz and it loads in a YouTube video and then all of a sudden my Google account is stolen because the website could read my cookies for YouTube/Google, and that meant that it could copy them. On the other hand, the type of thing where microsoft.com wants to use cookies from microsoftonline.com seems pretty different to me, because that’s basically just making a regular request to microsoftonline.com, right? It just happens to be that that request includes a cookie in the header.

    That’s how I understand it at least.

    • YearOfTheCommieDesktop [they/them]@hexbear.net
      link
      fedilink
      English
      arrow-up
      2
      ·
      8 months ago

      oh I didn’t see your video link before. Yeah, that was already not a thing of course, it would break the security of basically every site, I guess it just didn’t cross my mind. At a glance when I read his comment I didn’t register it as saying “ff does this (and chrome doesn’t at all)”, but I see what you mean now.

      And no, its not too different, the video you linked covers the single-sign-on use case pretty well (which is effectively what MS is doing even though they could have just used the same domain lol) at around 5:40. The page I’ve loaded is microsoft.com, but it is trying to read a cookie that belongs to microsoftonline.com because that’s where the sign-in page is so that’s where the cookie is. Firefox prompts me to allow it, rather than blanket block or blanket allow, so that SSO can still work but I can’t be silently tracked.

      • Erika3sis [she/her, xe/xem]@hexbear.net
        link
        fedilink
        English
        arrow-up
        2
        ·
        8 months ago

        At the risk of revealing my own illiteracy, I thought that for single sign on it was like, you load the web page and it includes a request to microsoftonline, and the request that your computer sends to microsoftonline includes the sign-in cookie, and then microsoftonline responds to this by sending a unique session token and probably some other stuff to microsoft.com, and then microsoft.com sends the new session token to get stored on your computer.

        I’d honestly just kinda assumed that that was more or less how SSO worked so maybe that’s wrong though. If it is and I’ve been talking out of my butt the whole time then please go easy on me.