Ask HN: (how often) do you clear your cookies?
In light of the discussion w.r.t. Google working around Safari's "do not accept third party cookies" setting, I wonder whether people clear their cookies (web and Flash) regularly, and if so, how often. Related to that, do you use private mode as a means to fight tracking?
33 comments
[ 4.8 ms ] story [ 52.3 ms ] threadHeck, the original poster may have actually been refering to clearing the cookies to avoid tracking.
However, when things like http://samy.pl/evercookie/ exist, it makes it even more harder to avoid tracking cookies.
Andd moreover, "only I have got access to my computer". You are every non-ecrypted hop you make from your system to the target network has access to your requests, making you vulnerable to man in the middle attacks.
I think you were/are just a little misguided.
I use adblock plus* and click-to-play flash embeds now. Occasionally a website breaks because of it, but very rarely.
*I whitelist websites I want to support, but a lot of websites go too far. I've been the 1,000,000th site visitor too many times.
But I believe this doesn't prevent me from Google knowing all about it. Whether I use one browser or other, private browsing or not. Some do-not-track extension which would completely block downloading and executing of tracking scripts might have help. But I'm not that paranoid. Yet.
On iOS I run Safari in private browsing mode all the time. Not really to auto-delete cookies (it does that), but because if you have a history of websites and you start typing in the address bar, it attempts to auto-complete the URIs, which freezes Safari for a second, and delays keyboard inputting. Apple doesn't have a time-delay of 1-2 seconds after the previous keystroke, so its auto-complete is really annoying and slows down/breaks the UI. Bookmarks have to be empty too to work.
That said, private-mode iOS Safari crashes a whole lot more than non-private mode. This usually happens on newspaper websites (UI hell) when all of the ad network and javascript widget garbage attempt to load. If you hit Stop-Loading after the article text is loaded, but before that other crap does, it fixes the problem. Funny, but disabling Javascript seems to crash more than leaving it on, but on different websites, likely for different reasons.
I wonder if there's an addon for Firefox to clear them after a few hours.
As preventive measures I have Ghostery, NoScript, and Adblock with EasyPrivacy list https://easylist.adblockplus.org/en/ installed and only use Chromium in private mode when the site is some cool demo from HN, as those tend not to work with all the limitations. Next up: full blown paranoia and Qubes (I'm only half joking).
On top of that, I use noscript, ghostery, the web dev toolbar, better privacy, and adblock.
Only use cookies to log into HN to post (I browse without logging in), my email, and other programming-related page (such as /r/programming).
I also use a proxy for those times that I must use Google (my search engine of choice is Duck Duck Go (it works great)).
Chrome : never
I use Chrome almost exclusively to check my gmail account and Firefox for everything else.
I am aware that Chrome and Firefox share a flash cookie on the subdomain mail.google.com, but apparently it does not contain tracking data. Moreover it is not supposed to be sent when I use the main domain (if adobe follows the RFC). Google.com could hide an iframe pointing to mail.google.com but they wouln't dare, would they ?
So I think I am pretty safe from google tracking for now. Anyway, when I have time I will search HN comments and the web for a list of hostnames to map to 127.0.0.1 in my hosts file.
I use Firefox's Web Developer plugin to clear cookies for a specific domain if I'm developing and need to test clearing cookies.
If I don't trust a site or don't want it leaving traces I'll use Chrome's Incognito mode.
Never really got the fuss about cookies, some people seem really paranoid and diligent about clearing them. I don't really care, and I'm usually very mindful of privacy issues.
If you want to use a Google or Facebook account, but at the same time, you don't want them to be able to link your general browsing history outside of Google/Facebook with your account. ie, the sites you visit and when you visit them.
I don't think it's fair to call people with that sort of concern, "paranoid". I think "prudent", "informed" or "sensible" are more appropriate words.
I used to clear history, cookies, everything on browser restart.
I've let the water wash over me, and now I like typing things in the address bar and already being there, or being remembered like Norm when I visit a site again.
Rarely a site will piss me off and I'll go in and delete their cookies. I know they can feel it when I do that.
The only time you ever need to accept cookies from a site, is when you're logging in to something, or buying something. And there's never any need to accept anything other than session cookies. You don't need cookies at all to browse news sites or blogs etc.
This is an incredibly small amount of work. It is considerably less work than NoScript or RequestPolicy for example. And it provides so many benefits. Most days I don't even need to touch the Cookie Monster configuration. It's only when I sign up for something new or buy something from a new site, and it's a two second job, and I can usually recognise that I'm going to need to do it before anything even breaks.
EDIT: Also, Firefox is set to completely clear my history on exit. Including history, cache and offline website data. I've never felt that doing this made my web browsing any more inconvenient.
Since recently I only visit Facebook in an incognito window for the purpose of cookies. I'd like to block all sites by default as well.
[1] it was tiny until I met HN, now it grows like a monster.