Ask HN: (how often) do you clear your cookies?

17 points by Someone ↗ HN
In light of the discussion w.r.t. Google working around Safari's "do not accept third party cookies" setting, I wonder whether people clear their cookies (web and Flash) regularly, and if so, how often. Related to that, do you use private mode as a means to fight tracking?

33 comments

[ 4.8 ms ] story [ 52.3 ms ] thread
I set Firefox and Chrome to clear everything when they're closed. All my logins are managed through KeePass, so logging back into a website is just one keypress away.
Do you use an extension in Chrome to do this or surf permanently incognito? I was under the impression that it's not (yet) possible to do so automatically in Chrome (vanilla).
Wrench -> Options -> Under the Hood -> Privacy -> Content Settings... -> Cookies -> "Clear cookies and other site data when I close my browser"
Thanks, my fault, I mixed it up with "Clear Browsing Data".
I can't remember when I do this. I use ubuntu - so I do not afraid of malicious programs, and only I have got access to my computer.
You realise the ignorance and nativity in this statement? I use Ubuntu also, but that doesn't absolve/protect me from all potential issues I may run in when browsing/using the web.

Heck, the original poster may have actually been refering to clearing the cookies to avoid tracking.

However, when things like http://samy.pl/evercookie/ exist, it makes it even more harder to avoid tracking cookies.

Andd moreover, "only I have got access to my computer". You are every non-ecrypted hop you make from your system to the target network has access to your requests, making you vulnerable to man in the middle attacks.

I think you were/are just a little misguided.

What are you afraid of?? Did smth bad happened with you?
Never (well, once a year manually or so). But if there was a Firefox plugin that let me clear my cookies on shutdown except for cookies of sites I want to keep, I'd use that!
Check "Accept cookies from from sites" and choose "Keep until I close FF". Then add exceptions w/ status "Allow" for sites you want to store cookies.
Rarely, and usually unintentionally. I have tried tools to prevent tracking such as Ghostery in the past, and my experience is that it breaks the web so much it's not worth the trouble.
How does it break the web exactly? I use ghostery and don't experience it.
I spent far too long finding web sites that failed to load or experienced problems, and constantly tracked them back to Ghostery. It was actually interfering with web development, and so I uninstalled it after 5 days or so.

I use adblock plus* and click-to-play flash embeds now. Occasionally a website breaks because of it, but very rarely.

*I whitelist websites I want to support, but a lot of websites go too far. I've been the 1,000,000th site visitor too many times.

Never manually. But I use multiple browsers (Opera, Chrome, sometimes Firefox) simultaneously (well, in parallel) and I have separate work and personal computers. Sometimes I even use private browsing; and not only for "buying presents".

But I believe this doesn't prevent me from Google knowing all about it. Whether I use one browser or other, private browsing or not. Some do-not-track extension which would completely block downloading and executing of tracking scripts might have help. But I'm not that paranoid. Yet.

(comment deleted)
I am a web developer, so I delete them quite often while working. Although when I am not working, never.
I reset Safari on OSX frequently, and do the same with Chrome.

On iOS I run Safari in private browsing mode all the time. Not really to auto-delete cookies (it does that), but because if you have a history of websites and you start typing in the address bar, it attempts to auto-complete the URIs, which freezes Safari for a second, and delays keyboard inputting. Apple doesn't have a time-delay of 1-2 seconds after the previous keystroke, so its auto-complete is really annoying and slows down/breaks the UI. Bookmarks have to be empty too to work.

That said, private-mode iOS Safari crashes a whole lot more than non-private mode. This usually happens on newspaper websites (UI hell) when all of the ad network and javascript widget garbage attempt to load. If you hit Stop-Loading after the article text is loaded, but before that other crap does, it fixes the problem. Funny, but disabling Javascript seems to crash more than leaving it on, but on different websites, likely for different reasons.

I do it weekly, but mainly because I experiment a lot with my OS and will generally have to re-install it once a week.
Until recently, never. Now I've started allowing them only for the session, except for a few websites like HN. Of course, my session usually lasts for days, even a week or more (I rarely shutdown the laptop, I just put it to sleep).

I wonder if there's an addon for Firefox to clear them after a few hours.

I have Firefox configured to remove almost everything on exit, including cookies and flash cookies, also do it manually when I'm switching proxies, have disabled third party cookies which seems to be working in Firefox (http://www.google.com/ads/preferences/?hl=en returns "Cookies are disabled").

As preventive measures I have Ghostery, NoScript, and Adblock with EasyPrivacy list https://easylist.adblockplus.org/en/ installed and only use Chromium in private mode when the site is some cool demo from HN, as those tend not to work with all the limitations. Next up: full blown paranoia and Qubes (I'm only half joking).

I reset my cookies all the time, when doing development on my machine sometimes, the browsers just need a good reset to behave normally again.
I run with the most strict settings that firefox has to offer. No cookies, private browsing, no JS, etc.

On top of that, I use noscript, ghostery, the web dev toolbar, better privacy, and adblock.

Only use cookies to log into HN to post (I browse without logging in), my email, and other programming-related page (such as /r/programming).

I also use a proxy for those times that I must use Google (my search engine of choice is Duck Duck Go (it works great)).

Firefox : everytime I close it, and third party cookies not allowed.

Chrome : never

I use Chrome almost exclusively to check my gmail account and Firefox for everything else.

I am aware that Chrome and Firefox share a flash cookie on the subdomain mail.google.com, but apparently it does not contain tracking data. Moreover it is not supposed to be sent when I use the main domain (if adobe follows the RFC). Google.com could hide an iframe pointing to mail.google.com but they wouln't dare, would they ?

So I think I am pretty safe from google tracking for now. Anyway, when I have time I will search HN comments and the web for a list of hostnames to map to 127.0.0.1 in my hosts file.

Never, for regular browsing.

I use Firefox's Web Developer plugin to clear cookies for a specific domain if I'm developing and need to test clearing cookies.

If I don't trust a site or don't want it leaving traces I'll use Chrome's Incognito mode.

Never really got the fuss about cookies, some people seem really paranoid and diligent about clearing them. I don't really care, and I'm usually very mindful of privacy issues.

Here is one reason you might block/clear cookies, and be concerned about these issues:

If you want to use a Google or Facebook account, but at the same time, you don't want them to be able to link your general browsing history outside of Google/Facebook with your account. ie, the sites you visit and when you visit them.

I don't think it's fair to call people with that sort of concern, "paranoid". I think "prudent", "informed" or "sensible" are more appropriate words.

Almost never.

I used to clear history, cookies, everything on browser restart.

I've let the water wash over me, and now I like typing things in the address bar and already being there, or being remembered like Norm when I visit a site again.

Rarely a site will piss me off and I'll go in and delete their cookies. I know they can feel it when I do that.

I use a Firefox addon named Cookie Monster. All cookies, not just third party cookies are blocked by default. When you come across a site where you need cookies, you select one of four options from the icon on the status bar:

  1.) Temporarily allow cookies from example.com
  2.) Accept cookies from example.com
  3.) Reject cookies from example.com
  4.) Accept session cookies from example.com
For news.ycombinator.com, I selected option 4 the first time I needed to log in and it is persistent.

The only time you ever need to accept cookies from a site, is when you're logging in to something, or buying something. And there's never any need to accept anything other than session cookies. You don't need cookies at all to browse news sites or blogs etc.

This is an incredibly small amount of work. It is considerably less work than NoScript or RequestPolicy for example. And it provides so many benefits. Most days I don't even need to touch the Cookie Monster configuration. It's only when I sign up for something new or buy something from a new site, and it's a two second job, and I can usually recognise that I'm going to need to do it before anything even breaks.

EDIT: Also, Firefox is set to completely clear my history on exit. Including history, cache and offline website data. I've never felt that doing this made my web browsing any more inconvenient.

Does any know if there is something similar to Cookie Monster for Chrome?

Since recently I only visit Facebook in an incognito window for the purpose of cookies. I'd like to block all sites by default as well.

I set Firefox to auto-remove cookies when closing it. I mostly navigate in private mode. Whenever I find something slightly interesting I bookmark it. Later I switch to normal mode, navigate all the new links to put them in history, and remove them from bookmarks. So I can keep a tiny[1] searchable history and not spam the bookmarks.

[1] it was tiny until I met HN, now it grows like a monster.

I believe the most common cause of cookie deletion is hitting the browser cookie limit, and old cookies rolling off. The sheer number of JavaScript tags on websites (I've seen a list of over 600 third party trackers), multiplied by the number of sites you visit for those trackers that create per domain cookies (for example google analytics), then add in the multiple unintentional cookies created by programming frameworks on each domain, and the limit gets hit pretty fast.