I think hexbear has them. Is it a connection thing where cookies spot other cookies? Do tracking cookies matter when it comes to insurance and therapy sites/apps? I'm thinking about therapy that I saw advertised on YouTube, and I bet they're somehow sketchy. And their app requires the use of third party tracking and cookies.

I just don't want these sites/apps to see I'm a communist.

  • YearOfTheCommieDesktop [they/them]
    ·
    9 months ago

    oh I didn't see your video link before. Yeah, that was already not a thing of course, it would break the security of basically every site, I guess it just didn't cross my mind. At a glance when I read his comment I didn't register it as saying "ff does this (and chrome doesn't at all)", but I see what you mean now.

    And no, its not too different, the video you linked covers the single-sign-on use case pretty well (which is effectively what MS is doing even though they could have just used the same domain lol) at around 5:40. The page I've loaded is microsoft.com, but it is trying to read a cookie that belongs to microsoftonline.com because that's where the sign-in page is so that's where the cookie is. Firefox prompts me to allow it, rather than blanket block or blanket allow, so that SSO can still work but I can't be silently tracked.

    • Erika3sis [she/her, xe/xem]
      ·
      9 months ago

      At the risk of revealing my own illiteracy, I thought that for single sign on it was like, you load the web page and it includes a request to microsoftonline, and the request that your computer sends to microsoftonline includes the sign-in cookie, and then microsoftonline responds to this by sending a unique session token and probably some other stuff to microsoft.com, and then microsoft.com sends the new session token to get stored on your computer.

      I'd honestly just kinda assumed that that was more or less how SSO worked so maybe that's wrong though. If it is and I've been talking out of my butt the whole time then please go easy on me.

      • YearOfTheCommieDesktop [they/them]
        ·
        edit-2
        9 months ago

        No you're right, but thats also how tracking cookies would work, including a request back to facebook, or an ad network, or whatever. So that is what firefox is blocking, by partitioning cookies by what site you are actually on, not just what site a request is going to.

        Chrome is finally slowly rolling out something similar this year (like they made a big fuss about rolling it out to 1% of users)