forget-me-not icon indicating copy to clipboard operation
forget-me-not copied to clipboard

Published 20 hours ago verified publisher icon Lusito

When whitelisting a domain, third-party cookies are whitelisted too?

Open sha-265 opened this issue 4 years ago • 4 comments

Or just the first party cookies are whitelisted, and third party deleted anyway?

Thanks.

sha-265 avatar Jan 21 '20 22:01 sha-265

No, third-party cookies don't get whitelisted for it. When and if they get deleted depends on your third-party settings, your rules and your fallback settings.

For example: If you are on a whitelisted page and it uses google analytics to track your information. Googles cookies are third-party. But if you whitelist google, then these cookies won't ever get deleted.

I hope this answers your question

Lusito avatar Jan 26 '20 17:01 Lusito

Thank @Lusito, but not really. If I whitelisted Google, and then I go to a different website that uses Google, Google's third party cookie wouldn't deleted?

If so, how can I prevent this from happening?

sha-265 avatar Jan 28 '20 17:01 sha-265

Well, that would be kind of a difficult task to do..

You are telling the extension that you want to keep google cookies, but don't want them if they are third-party. When they have been stored, there is no difference between a first-party cookie and a third-party cookie.

So let's say you visit google, which sets cookie a, b, c. At some other point in time you visit a blog which uses some google tracker, which uses cookie c, d, e. Cookie c would already have been transferred to the google tracker. Best case scenario is, that the google tracker sets the cookies d & e in an HTTP header. In that case, I could theoretically block the third-party cookies. But it wouldn't affect the already stored cookie c.

The best thing you could do, is to allow only specific google cookies that you need and the rest get removed.

Lusito avatar Feb 02 '20 15:02 Lusito

@sha-265 : Maybe not the best solution but, if you're final goal is to avoid such scenario to occur, you can combine forget-me-not with Firefox container and avoid it from happening. Simply create an isolated container for google and its services (Gmail, Youtube, etc).

Or, if you want to further strengthen your Privacy Stance, better to create one contianer for "google.com" and other container for (Gmail, Youtube, etc) so that your Google seraches do not get matched to your personal account and one container for each website that you visit quite often.

Use Forget-Me-Not to block and delete third party cookies and also to delete unnecessary first-party cookies. This will compliment your privacy settings.

Rex-0x7CB avatar Feb 12 '20 09:02 Rex-0x7CB