[HN Gopher] Google Chrome to remove detailed cookie and site dat...
___________________________________________________________________
Google Chrome to remove detailed cookie and site data controls
Author : giuliomagnifico
Score : 917 points
Date : 2021-09-03 18:29 UTC (1 days ago)
(HTM) web link (lapcatsoftware.com)
(TXT) w3m dump (lapcatsoftware.com)
| hpoe wrote:
| This is part of a strategy to eliminate the openness of the web,
| right now your client still has full view and control of the code
| running on it in the browser to a certain degree.
|
| Companies do not want this, this makes it possible to reverse
| engineer their process, to view what they are doing, and
| basically takes away control.
|
| They want a future where your browser is instead a portal to the
| web where various companies just deliver black boxes of bytes to
| your machine and you don't have visibility into the code that is
| running, the actions they are performing or what is going on. In
| such a world they control the platform the content and the
| delivery mechanism.
|
| Openness is contrary to the goals of these large companies
| because that causes them to lose control.
| nicce wrote:
| I don't know why you are getting downvoted, but this is the
| reality already. Maybe reasons behind are sometimes different,
| but the end result is the same.
|
| Google is rebuilding their Docs for using canvas only[1]. You
| have no control over it.
|
| Similar things are happening. Web assembly is getting more
| popular, and in more cases browser is just a sandbox running
| arbitrary code. E.g Microsoft has huge interest[2].
|
| [1]: https://workspaceupdates.googleblog.com/2021/05/Google-
| Docs-...
|
| [2]: https://www.infoworld.com/article/3613873/microsoft-gets-
| ser...
| SubiculumCode wrote:
| "Don't be Evil"
|
| he he he...almost forgot about them saying that. -posted from
| Firefox.
| xg15 wrote:
| Out of couriosity: Does anyone know how such decisions are made
| inside Google? It all seems very opaque.
| lrem wrote:
| I'm a Googler working on something else, but I think the rough
| process will be the same:
|
| 1. Product management decides which audiences should get
| special attention.
|
| 2. UX researchers get hold of a number of users matching those
| audiences. Interview them what are their pain points with the
| product and observe them stumble through a bunch of critical
| journeys.
|
| 3. UX designers design how that should go instead.
|
| 4. Eng (including UI) design how to make that happen.
|
| 5. The design doc goes through approvals from all the above,
| but also legal, security, privacy and other stakeholders.
|
| After that, it's a simple matter of programming.
| Missthy59 wrote:
| I really liked this article you shared. Thanks for taking the
| time to write it <a href="https://driftboss.co"> drift boss
| </a>
| tzfld wrote:
| I'm pretty sure you will not get an answer to this on a public
| forum.
| edoceo wrote:
| Damn. And we lost Servo just when it was getting close to being
| not shitty. While everything else is moving towards more shitty.
| octopoc wrote:
| There is some activity in the donations:
|
| https://crowdfunding.lfx.linuxfoundation.org/projects/servo
| tomxor wrote:
| We lost the servo team, but isn't servo complete enough to
| simmer in maintenance?
| kroltan wrote:
| Not nearly complete enough if you want a browser.
|
| MAYBE, if you want a browsing engine / "webview".
| tomxor wrote:
| Ahh, i'm talking about the surviving parts that were
| adopted by Firefox:
|
| https://en.wikipedia.org/wiki/Gecko_(software)#Quantum
|
| I remember it clearly because Firefox got a big performance
| boost in it's renderer when quantum was released, often
| it's faster than Chrome.
| zamadatix wrote:
| That's exactly what Servo was/is, an embeddable browser
| engine. It was never aiming to build a usable reference
| servo browser with the engine. The packaged nightly
| binaries were just to demo the current state of the
| embeddable engine which is why they were so barebones.
| kroltan wrote:
| Yes, you're correct, but the ancestor comments kind of
| implied it being a hope for browsers at large.
|
| Bad phrasing from my part too, sorry.
| simfoo wrote:
| What features would a browser need on top of regular
| webview APIs?
| dralley wrote:
| No, not even close.
| tomxor wrote:
| Why not, It's in Firefox, I'm literally looking at it right
| now.
| dralley wrote:
| No it isn't. Some parts of Servo were adopted into
| Firefox, but "Servo" is not in Firefox.
|
| If you compile servo and point it at the homepage of
| google, I doubt it renders right now. It was constantly
| broken even when it had a full-time staff.
| kroltan wrote:
| Some parts of Servo are in Firefox, but not the whole
| thing.
|
| Swapping your VW Beetle's wheels for a Ferrari's doesn't
| make it a Ferrari! Even if it improves handling (or
| whatever I'm not a car person, it's just an accessible
| analogy)
| downWidOutaFite wrote:
| Not sure why you're saying Servo, we still have Firefox.
| xvilka wrote:
| Firefox only can compete with Chrome/Chromium-based clones
| only if it has a unique edge (pun intended). Being completely
| written in Rust is that edge, reducing work required for
| debugging, while Chromium team would be still busy with
| memory bugs, etc. Thus the complete port/rewrite is the only
| future it has. Genius Mozilla management voluntarily gave it
| up.
| kelnos wrote:
| Servo was never supposed to be a browser. It was a testbed for
| new browser tech/components, some of which got ported into
| Firefox. I had hopes that Servo would also be an embeddable
| browser engine, but not sure if that was ever a serious goal.
|
| Servo still exists and has been spun out of Mozilla's org
| (https://github.com/servo/servo/). Certainly development will
| be slower without a dedicated, paid team behind it, but it's
| still alive (last merge to master was 9 days ago). And perhaps
| without Mozilla's direct control, it will actually end up
| becoming the browser you hoped it would be.
| throw_m239339 wrote:
| I give Firefox browser engine 5 years top before Mozilla
| becomes Chromium based. Servo WAS meant to be the future had
| Mozilla continued to fund its development, there is no way
| around that fact. Yes, it was experimental, but so where
| every other browser engines/forks when they started. Mozilla
| lost a lot of goodwill when they fired Servo team and most of
| the Rust developers.
| drran wrote:
| Why we need two Chrome's?
| sopheadave wrote:
| Bad day for developers indeed
| andy_ppp wrote:
| I decided a while ago that I should move away from Chrome and
| I've quite liked Edge but thinking about it I really don't trust
| them either. I still don't love Firefox on Mac OS, what else
| should I try?
| kataklasm wrote:
| i have been using qutebrowser for quite some time now. it uses
| QtWebEngine based on chromium but it's a project entirely
| unique apart from that. vim-based comtrol scheme and relatively
| mininmal approach.
|
| https://qutebrowser.org
| freediver wrote:
| Orion Browser is the new WebKit based browser for Mac which
| promises direct Chrome/Firefox extension support.
|
| https://browser.kagi.com
| Razengan wrote:
| OF COURSE they would remove that option! Google is one of the
| worst abusers of cookies:
|
| If you use any Google app on iOS, it makes you sign in through a
| web view, which sets some system-wide cookies.
|
| Meaning if you just want to sign into YouTube, and later search
| something in Safari etc., you will find yourself signed into
| Google Search!
|
| I always have to go into the cookies settings and filter by
| "Google" and remove all of them to get that scummy tracking off
| my ass.
|
| Same thing with any Google service on desktop browsers.
|
| Seriously, Fuck Google.
| _pmf_ wrote:
| Well, it's their internet. They can do what they want with it.
| qutreM wrote:
| Incremental changes toward a shitty browser.
| cptskippy wrote:
| So why do developers still use Chrome?
| userbinator wrote:
| Two words: Google propaganda.
| x0x0 wrote:
| I have access to browser stats for a b2b saas. The majority of
| our customers use chrome for the app. Approx 70% chrome, 28%
| chromium, 2% safari (almost entirely mobile). NB: we discourage
| mobile or you'd see more ios; the main site is approx 50%
| safari (of that, > 95% mobile).
|
| Last time I looked, only one person had used firefox in the
| trailing 3 months.
| dlvktrsh wrote:
| flutter
| dheera wrote:
| Does this apply to Chromium as well, or can we just fork Chromium
| and keep adding the feature back?
| rdiddly wrote:
| Are we even sure what the final page is going to look like?
| "We're deprecating the old one" doesn't necessarily mean "We're
| finished building the new one."
| sharmin123 wrote:
| Let's Secure WiFi Network and Prevent WiFi Hacking:
| https://www.hackerslist.co/lets-secure-wifi-network-and-prev...
| bronlund wrote:
| If you move the letters G (Google) and C (Chrome) two letters
| down the alphabet, you get IE.
| theo-born wrote:
| I mean, if you have Firefox with Temporary Containers addon
| installed you won't ever have to care about cookie management at
| all.
|
| Every time I have to use a browser without containers, I feel so
| exposed knowing how much tracking and telemetry is out there.
| It's like going out without using deodorant, thats the best way
| to put it.
| staticassertion wrote:
| Seems like there should be a bug report to include more detailed
| information on the new page.
| dylan604 wrote:
| Closed, won't fix
| melbourne_mat wrote:
| I'm privacy conscious but would not consider looking at such
| detailed information. For me it's delete all site state on exit.
| Do people actually look at this stuff?
| danparsonson wrote:
| Anecdata point - I had trouble logging into a site recently and
| was able to solve the problem by clearing cookies just for that
| site, thus preserving my other stored logins.
| RedComet wrote:
| I do.
| alisonkisk wrote:
| What's one interesting thing you've seen that isn't better
| displayed in Dev Tools?
| james-skemp wrote:
| Developer bias, but being able to delete individual cookies is
| invaluable.
|
| Non-developer hat: PlayStation Network store also had a bug
| where you'd be logged in, but unable to buy anything. Instead
| of deleting all data you could delete one cookie and it would
| temporarily resolve the issue.
| bushbaba wrote:
| I always just used incognito windows for these kinds of
| issues.
| burnished wrote:
| I don't really interact with cookies at all. What are your
| uses cases? What is the value? If you're so enthused with it
| I'm wondering if I should be, basically.
| drewg123 wrote:
| We have a bug like that in our internal systems at work. If I
| can't delete an individual cookie, I'll switch to firefox for
| work stuff. (I currently use chrome for work stuff b/c we
| have some helpful extensions which are chrome only)
| dangrossman wrote:
| I've run into that bug (I think) on lots of sites, including
| two of my credit card issuers. They set so many cookies, and
| new ones on every visit, with long expirations, until the
| cookie header is so large that either the browser or server
| is cutting it off and you can't pick up the cookies to log in
| any more. I go wipe out some cookies to fix that too.
| ratata wrote:
| Just fyi, you can delete individual cookies in the developer
| tools.
| bigwavedave wrote:
| > Just fyi, you can delete individual cookies in the
| developer tools.
|
| While I very much agree with the point you're making, I can
| count on one hand (with fingers to spare) the number of
| family members I have who know what the developer tools
| even are, and that's because I showed them when
| troubleshooting an issue they were having. They aren't
| going to learn or remember how to access the dev tools to
| manage cookies, but they do know what it means to delete
| individual cookies and the current process to do so, and if
| they forget the exact steps they could certainly figure it
| out in settings/preferences.
|
| What they're not going to do is think "well, I can't find
| the thing I used to use to deal with cookies, I'd better go
| muck around in the developer tools." I'd imagine a very
| large percentage of non-technical people who have heard
| about cookies fall into the same category as my relatives,
| but that's my own bias talking and YMMV of course.
| shock-value wrote:
| I have never known anyone to need to delete an individual
| cookie vs all for a site. Certainly I've never needed
| that.
|
| Only time I have (probably ever) deleted an individual
| cookie was for testing during development, and in those
| cases I already use the dev tools to do so.
| ipaddr wrote:
| You have never lived
| BHSPitMonkey wrote:
| If they're a non-developer, the ability to clear all of
| the cookies (or data) for a given site should be adequate
| to cover their needs (and if they're a developer,
| obviously they'll just use Developer Tools > Application
| for individual cookie manipulation).
|
| If a non-developer is in a situation where they need to
| delete a single cookie by name but deleting _all_ of that
| site's cookies would be ruinous for some reason, then
| something's horribly wrong.
| nett18 wrote:
| Read the parent answer, it explains when deleting
| individual cookies is useful (even for non-devs)
| BHSPitMonkey wrote:
| Not really? Cookie names/values are usually inscrutable
| to anyone who hasn't worked on the site in question, and
| the idea that a non-developer would need to selectively
| delete individual cookies to work around a bug in a site
| is just silly (those users are much better served by
| simply clearing all of that site's cookies and logging in
| again).
|
| (And when the need truly does arise, there's a perfectly-
| good tool for that which is no harder to find than the
| sub-menu being deprecated.)
| dredmorbius wrote:
| Which Does Not Exist On Mobile.
|
| (90% or more of most sites' organic web traffic is mobile.)
| rapnie wrote:
| I use FF, uBlock and Privacy Badger. Of those - while uBlock is
| most powerful - I value Privacy Badger the most. It shows me
| 'number of cookies' in the toolbar icon on every page, and in
| the dropdown I can quickly toggle any 'suspicious' domains to
| be blocked. Only much less often do I take the time to do more
| intricate stuff using uBlock Origin.
| sixothree wrote:
| Absolutely. I delete specific cookies regularly.
| BHSPitMonkey wrote:
| Through this UI? What's wrong with using Developer Tools for
| this?
| simfoo wrote:
| Not just on exit - cookie autodelete is awesome. 10s after I
| switch site all past cookies are gone
| onkoe wrote:
| It's useful in specific cases and certainly nice to have in the
| main UI. I understand their reasoning for moving them, but I
| still disagree
| yellow_lead wrote:
| I've looked at it before - to delete a specific cookie, or see
| what a website has stored. Deleting specific cookies can
| sometimes fix broken websites.
| BHSPitMonkey wrote:
| What's the intersection of "users who want to delete a
| specific cookie" and "users who cannot open Developer Tools"?
| For the average user, deleting all of a site's cookies seems
| like all the granularity you need (and will be a more
| effective troubleshooting tactic anyway).
| tsian2 wrote:
| I don't think many non-developers use the dev tools for
| tasks, while people merely interested in technology (gamers
| and such) will get a gentle introduction to how cookies
| work from looking through the cookies in the normal
| interface. Those people might go on to become developers
| eventually.
| shock-value wrote:
| Effectively zero. Ridiculous that anyone would think this
| an issue even worth discussing.
| zmmmmm wrote:
| We're getting into the scary space now where it's becoming
| feasible for sites to insist on Chrome and drop support for other
| browsers. I've hit two such apps in the last month where not only
| did the app not work on FireFox, but the experience was
| completely broken (blank page, etc). So they aren't even
| bothering with enough testing to put up a "please use chrome"
| message.
|
| I use FireFox for everything personal and Chrome for development.
| I'd encourage others to do the same. Apart from expressing a
| "vote" for web standards and interoperability, it also ensures
| that by default you are separating personal from work / dev which
| makes things a lot easier when you want to nuke all your browser
| settings / cache / cookies etc.
| intricatedetail wrote:
| I worked on a project that a company decided to be Chrome only.
| This was during times when IE was still popular. We were
| spending a lot of time on cross browser compatibility and at
| one point the start-up didn't have money to spend on that. We
| picked Chrome as at the time offered best performance and it
| was fairly easy to make the app look as intended. We had to
| help some customers install Chrome and after that we had
| amazing velocity and we could focus on features rather than
| worrying why some customers can't see something etc.
| zmmmmm wrote:
| This is the slippery slope we're on. You only have to get a
| little bit down the pathway of the dominant browser departing
| from standards and the cost of maintaining cross
| compatibility goes up exponentially. Your experience is
| absolutely real and it's actually the reason why we have to
| be vigilant not to get in that state in the first place.
| [deleted]
| the_other wrote:
| I ONLY use Chrome when x-browser testing. I browse in Safari
| and develop and test in FF first. If anyone else's site or app
| doesn't work in Safari or FF, they lose me as a user/customer.
| LeftHandPath wrote:
| I wonder how many of us do this. I used to use Firefox for
| everything personal (e.g. social media) and opera for anything
| that's completely impersonal (e.g. I'd log into news sites) and
| work related. Lately Brave has replaced FireFox for everyday
| use; I only use Firefox for things that require being logged in
| to Google, like Google Calendar and YouTube.
| munro wrote:
| Same, I switched to FireFox recently as well. Lol if they think
| they can make these changes, and remain dominant (speaking
| Apple as well), then they should look at what happened to
| Freenode. Personally, I'm really just lazy, but I can go back
| to compiling my own Linux distros if it means I can control my
| system.
| echelon wrote:
| Demand the break up of Google! Now!
|
| Email your reps.
|
| Tell them this is dangerous and that Google shouldn't be
| allowed to run the entire web. Take chrome away!
| warning26 wrote:
| The issue here is that "making a web browser" isn't a
| sustainable business. You could force Google to spin off
| Chrome...and then what? The new "Chrome Inc." would probably
| need to either start integrating ads or start charging money
| to even have a chance at not immediately going under.
|
| The only reason Firefox is even able to exist is Google
| propping them up with lots of extra money.
| paulryanrogers wrote:
| There are some interesting experiments around Firefox forks
| funded by Patreon. Though not sure how viable they are
| against a hostile web.
| brigandish wrote:
| It's not sustainable _because_ Google props up its browser
| with money from other sources. I used to pay for a browser
| (Omniweb, that I still yearn for) because it was worth it.
| Most software is worth paying for, strangely.
| iamstupidsimple wrote:
| If people won't pay for Windows, good luck getting them
| to pay for Chrome or Safari.
| prox wrote:
| If someone says they are a developer but do not test other
| browsers I don't take them very seriously as a developer at
| all.
|
| I wholeheartedly think it's a good idea to split browsers
| between work and personal just so to get familiar with other
| browsers.
| forgotmypw17 wrote:
| As of today, my main workstation is an "early 2008" iMac, at El
| Capitan and Chrome maxed out at 83.x...
|
| In addition to Chrome, I'm using six other browsers which work
| well with HN, my own sites, fb, gmail, ...
|
| I think in today's Web we've achieved an incredible level of
| compatibility, interoperability, and accessibility.
|
| Are there many sites which don't work across 25 years or 15 years
| or even 5 years worth of client software? Sure, but...
|
| There are also restaurants I don't go to, roads I don't walk
| down, and people I don't associate with...
|
| When a site tells me my browser is not good enough, I just turn
| around and stop visiting, e.g. twitter, reddit, imgur...
|
| The Web is better than ever for me, thanks to this strategy. I've
| heard it called boundaries and self-respect.
|
| --
|
| Written on a 2012 iPad mini with iOS 9.x Safari.
| chrononaut wrote:
| Are you not worried about security vulnerabilities?
| forgotmypw17 wrote:
| From where?
| Sunspark wrote:
| Speaking for myself here, no. It's not actually that easy to
| just "own" people randomly through their browser or network
| connection. First you have to be malicious, then you have to
| get them to engage with you directly, then you have to be
| skilled enough to have code ready to go for their specific
| circumstances.
|
| Most of the sites I visit are normal ones like HN. The ones
| that are not, there's only so much malware an advertising
| network can stuff in when ublock is present.
| blacksmith_tb wrote:
| It's laudable to keep old hardware in service, but there are a
| lot of serious security issues with such old versions of the
| browsers. If that machine is your only option, I personally
| would install Ubuntu on it, which would get you current
| versions of Firefox and Chrome (but of course wouldn't run OSX
| apps you may depend on).
| jacquesm wrote:
| They are really on a roll there, how many user hostile moves is
| that in the last 30 days? I think I lost count at 4. And all in
| the name of 'helping our users to improve their experience'.
| Since when is removing features that users depend on a positive?
|
| But with the competition as good as dead they can do whatever
| they want: the bulk of the audience is now captive and has lost
| either the willpower or the means to attempt to escape.
|
| It's about time we reboot this web thing.
| [deleted]
| hughrr wrote:
| Back to Gopher!
| decremental wrote:
| Look around you. Does it seem like doing bad things that some
| people have a problem with is some of kind impedes? There is
| always an overwhelming majority of people who don't care. That
| is their power. It's not going away.
| jraph wrote:
| > people who don't care
|
| You cannot care if you are not aware. It is a complicated
| matter which looks very abstract when you haven't had a
| chance to look into it and think.
|
| And then, some are aware and really don't care. But at least
| it is a conscious choice.
| deadbunny wrote:
| > But with the competition as good as dead they can do whatever
| they want
|
| Firefox works well enough for me.
| SomeBoolshit wrote:
| They've taken away user control over cookies per site years
| ago.
|
| People complained, Mozilla ignored the complaints and somehow
| this all just blew over because of browser extensions against
| tracking cookies.
|
| There's still no replacement for the "ask me every time"
| cookie dialog.
| jonnycomputer wrote:
| Yes. But you can see it all in developer tools. Just not as
| accessible. At least when you are on that site. Which is a
| limitation for sure.
| hu3 wrote:
| > you can see it all in developer tools
|
| Same for Chrome.
| Sunspark wrote:
| Firefox in addition to user-friendly features, also has
| containers which are an environment to isolate and manage
| cookies. A noteworthy example being the facebook container:
| https://addons.mozilla.org/en-US/firefox/addon/facebook-
| cont...
|
| Linking here to a previous discussion on Firefox containers:
| https://news.ycombinator.com/item?id=28353876
| [deleted]
| magicalist wrote:
| "how many user hostile moves is that in the last 30 days" seems
| a bit much for something that they are "planning on
| deprecating". It's not even clear if "making
| chrome://settings/content/all the place to manage storage"
| doesn't just mean everything is just going to move from two
| pages to one but have the same functionality.
| thih9 wrote:
| > Since when is removing features that users depend on a
| positive?
|
| Most google chrome users aren't techincal users; they aren't
| familiar with cookie data controls and won't care if they're
| gone.
|
| Google consistently drops technical features in the name of
| improving or simplifying UX for most of their userbase (in a
| way that's aligned with google's interests). This happens since
| the beginning of Chrome (merging the address bar and search bar
| seems like that to me); This approach is present in other
| google products too (e.g. it's harder than ever to override
| defaults in google search).
| firebaze wrote:
| Just sell your google stock in the next few months. I wonder
| why Microsoft doesn't sue Google, they're repeating the
| Internet Explorer story almost step-by-step.
| SquareWheel wrote:
| They've abandoned their browser for five years until it
| stagnated, slowing progress on the web for all?
| jraph wrote:
| > the bulk of the audience is now captive
|
| And they don't know it for the most part. People not into
| computers don't realize what is going on. Sadly, many people
| into computers don't really care neither.
|
| I still try to speak about privacy and why I think we should
| care when natural in the conversation with people who are
| likely to be interested. Often, people actually show interest,
| especially if you take their perspective in account.
| timwaagh wrote:
| Not so smart of Google. Ninety nine percent of their users won't
| use them and the ones that do are likely to be programmers. Maybe
| their own people. They have an outsize influence on what gets
| used and more importantly what gets supported. And that may mean
| a boost for the competition
| dessant wrote:
| Looking forward to a Google employee lecturing us about how users
| don't care about these details and how people don't want granular
| control over site data.
| BHSPitMonkey wrote:
| Not a Google employee, but yes - users absolutely do not care
| about manipulating individual cookie key/value pairs (and if
| they did, they would be web developers and know how to open
| Developer Tools).
| quaintdev wrote:
| Of course an average user does not bother about these controls.
| They don't even need to know what cookies are. Maybe they don't
| care today but now you are not even giving them opportunity to
| learn and take control back.
|
| The argument that no one uses it is just a front. Real reason
| is it serves in Google's interest to remove these and that is
| why they are doing it. Just like GTalk and RSS.
| BHSPitMonkey wrote:
| Why, in your view, does there NEED to be two UIs in the same
| application serving the same purpose?
| johncena33 wrote:
| Just out of curiosity, what's the percentage of users outside
| of devs do you think care about this feature?
| [deleted]
| Cipater wrote:
| You don't need Google employees for that. Majority of the
| comments on this post are people telling others that if they
| care they can use developer tools to find the functionality so
| they should shut up about this change.
|
| And so it goes....
| loosescrews wrote:
| Is it possible that they are combining the pages and will still
| have the same functionality? I personally find it very confusing
| that Chrome has two different pages for managing cookies. I
| pretty much always want the manage individual cookies page, but
| each time I find the other page first which only lets me clear
| all cookies and have to track down the page I really want.
| tehwebguy wrote:
| > By the way, before anyone runs off and yells "Switch to Safari"
| or something like that, keep in mind that Safari is actually in a
| worse state and doesn't have detailed cookie and site information
| at all.
|
| It does, but it's split between two places. You can see a list of
| all sites that have stored data in Preferences > Privacy > Manage
| Website Data... (no option to view here, just delete).
|
| You can also navigate to the site in the browser and then view
| the detailed data:
|
| - Check "Show Develop menu in menu bar" in Preferences > Advanced
|
| - Develop > Show Web Inspector
|
| - Navigate to the Storage tab
|
| On the left you'll see options for Cookies, Local Storage &
| Session Storage.
| nomoreplease wrote:
| Use Firefox?
| samizdis wrote:
| > You can also navigate to the site in the browser and then
| view the detailed data
|
| The author addresses this point (or has now addressed it) in
| the addendum to point out an "observer effect" shortcoming:
|
| _This information can be seen with the web inspector in both
| Chrome and Safari.
|
| Yes, but the crucial difference is that you have to navigate to
| an individual site in a browser window in order to see the site
| data in the web inspector. Whereas in the Preferences, you can
| get to the site data, for every website, without having to load
| the sites. And remember, the very act of loading a site can
| make the site data change, so there's an "observer effect" if
| you try to examine or delete it in the web inspector._
| BoorishBears wrote:
| Not that I think this has actually been applied by anyone in
| the wild, but it'd be fun to make a site that take advantage
| of this
|
| You can detect developer tools being open in Chrome pretty
| reliably, so detect dev tools have been open then "clean up
| your act" before there's a chance to view anything of note
| duskwuff wrote:
| This has absolutely been used "in the wild". One
| particularly nasty strain of ad-block-evasion scripts would
| detect the developer tools being opened, and would reload
| the page and disable most of its features to prevent them
| from being analyzed.
| BoorishBears wrote:
| The ad-block thing is where I first saw it, that and DRM
| for less-than-legal sites to prevent downloading (stops
| streaming if the dev console is open)
|
| I mean more specifically taking advantage of the awkward
| UI to cover up your tracks on local storage, it's
| something that's just devious enough that if you get
| caught (which is not difficult) it'll be hard to explain
| what you were doing, and you'll be trying to explain it
| to technical people
| sroussey wrote:
| Way back when, we thought about this for Firebug. One
| thing that came out of it was browsers started adding the
| console object (also because devs forgot to remove the
| calls on it).
|
| Even so, we added CSS and stuff to highlight elements and
| that was easily found.
|
| What do people look for today?
| duskwuff wrote:
| The two big ones are:
|
| 1. Watching window.innerHeight/innerWidth for sudden,
| large decreases, indicating that the user just opened the
| inspector.
|
| 2. Logging objects to the console with toString methods
| and checking if that method gets called.
| DaiPlusPlus wrote:
| 1. That could also be triggered by browser sidebar
| windows opening though. All of my browsers open dev-tools
| in a separate window so this is far from foolproof.
|
| 2. Ahhh, clever!
| hutzlibu wrote:
| 1. should be trivial to avoid, by opening dev tools in a
| new window
|
| but 2. I have no idea, except the browser vendors would
| add a "stealth dev mode"
| joombaga wrote:
| For 2 my first thought is the opposite. Fire the detected
| method even if devtools isn't opened.
| petre wrote:
| 2. JSON.stringify(object)
| hutzlibu wrote:
| But isn't the point that you want to detect what the
| foreign code does?
|
| So your solution would require inject your code into the
| code that wants to hide from you ... ?
| lmm wrote:
| I think the idea is you patch the console to display the
| objects without calling their toString methods.
| BoorishBears wrote:
| I don't think that works
|
| I might be off here, but I imagine console.log early
| exits if there's no console open, so it doesn't call
| toString
|
| If that's the case you can just write to the console in a
| loop and immediately know if one is open
| codezero wrote:
| Could you see the original cookie by inspecting the headers
| of the network request? This would presumably be the value
| before the page loads and gives access to document.cookie
| or a change triggered by a server-side header.
| sk5t wrote:
| Consider using something like https://mitmproxy.org/ to
| deal with a site so devious as to detect browser-level
| tools being used to inspect headers/cookies/etc.
| Thorrez wrote:
| Discord does this. Try to find the login cookie.
|
| When discord loads, it copies it out of localstorage into a
| js var and deletes the localstorage. So if you examine
| localstorage it will be empty. On page unload it copies it
| back into localstorage. So if you want to see the value,
| you have to make sure no discord tabs are open in your
| browser.
|
| I believe one reason for this is to prevent self-xss. It's
| hard for a malicious person to write a snippet of js to
| steal the login cookie now that it's no longer in
| localstorage. Another reason might be to prevent bots. It's
| hard for someone to automate a discord account if there's
| no way to get the account's login cookie.
| xg15 wrote:
| Wouldn't this cause problems with multiple tabs/windows?
|
| Like, if I have one Discord tab open (so localstorage is
| cleared) and I open a second one in parallel, will I be
| logged out in the second one?
| Thorrez wrote:
| I didn't look into it too deeply. Maybe if there are
| multiple windows they can communicate with each other in
| some way.
| brabel wrote:
| "in some way" --> probably postMessage to send the
| variable to the new tab.
| [deleted]
| codezero wrote:
| Not trying to defend anyone here, but I wonder if there's a
| non-nefarious reason for this.
|
| Specifically, there have been a lot of changes to cookies
| lately because malicious actors (malware/adware) figured out
| how to access the cookie store and infer/determine cookie
| information from other sites.
|
| I suspect that maybe this cookie store is kept in a more
| secure part of the application and only the cookies relevant
| to the site you visit get pulled out of it. It may even be a
| risk to have the information for all domains even loaded into
| memory for the application.
|
| With all that said, there should be some way to
| manage/introspect that cookie store from outside of the
| browser imho.
| wyager wrote:
| If the browser is designed properly (this does not apply to
| Safari), the UI can and should have totally different
| permissions from the site executor/renderer.
| dylan604 wrote:
| >If the browser is designed properly (this does not apply
| to Safari),
|
| Slow clap. Well done.
| mr_toad wrote:
| > Not trying to defend anyone here, but I wonder if there's
| a non-nefarious reason for this.
|
| The tools are designed for developers who often want to
| manually edit cookies on pages they are debugging.
| dotancohen wrote:
| I recently had to develop a feature that would have been
| much easier to develop and debug had I been able to view
| the contents of Local Storage and Session Storage before
| loading the site.
|
| A particular feature of a web application (shopping cart)
| had different behaviour depending if the page was loaded
| as "an initial pageview on revisit", e.g. the user coming
| from [search engine|other link|bookmark|url bar] or from
| normal site browsing. By storing data in both Local
| Storage and Session Storage, and comparing the two on
| page load, I could determine if the user, who had been to
| the site in the past, had just come back. This all had to
| be developed in the dark as the major browsers have no
| method of viewing Local Storage and Session Storage for
| websites not loaded.
| feanaro wrote:
| Let's remain serious. It is entirely within the capability
| of modern computers to admit a dialogue which would let the
| user view their cookies without magically exposing them to
| websites. There is no non-nefarious reason for this.
| codezero wrote:
| I agree, but I suspect this was also what was believed
| when they originally did it and adversaries found very
| clever ways to find that cookie store - that part at
| least is true, which is why I bother mentioning it, given
| the complexity of browsers it is likely very daunting to
| redesign this kind of thing around the existing features.
| Anyways, I'm glad I'm not working on browsers, it seems
| like an ever-losing cat and mouse.
| takeda wrote:
| Those two things are unrelated if there is such
| interaction and the fix was removing the dialog I would
| be scared to use that browser.
|
| So whether your theory is true or not, no one should use
| Chrome.
| codezero wrote:
| I agree.
| ptr2voidStar wrote:
| Thank you. The pretence (naivety) of "there must be a
| good reason" has to stop
| laumars wrote:
| There's usually a "good reason" -- however that "good
| reason" is subjective to the people maintaining the
| application and might not align with the preferences of
| its users.
|
| Reasons don't really matter to users though. It's
| pointless arguing if we should assume innocence or guilt
| because irrespective of the developers motives, if a
| particular feature is a show stopper for you then you
| switch to a platform that supports said feature. Anything
| else added to colour the discussion is irrelevant.
| [deleted]
| Thorrez wrote:
| Chrome already has functionality to put different sites in
| different processes and sandbox the processes, so that if
| there's a renderer bug, the attack is stuck in the sandbox
| of a single site and can only access that site's data. This
| also helps with CPU speculative execution bugs.
|
| https://www.chromium.org/Home/chromium-security/site-
| isolati...
| Kiro wrote:
| Same for Chrome so not sure what this article is about.
| DangitBobby wrote:
| The article is quite clear. The question is, why did they go
| backwards on functionality. They took a simple user interface
| and removed a single useful feature from it, and what remains
| is a much more tedious way to do the same thing. Why? What
| was the benefit? The author speculates that it's to make user
| cookie control more difficult.
| shock-value wrote:
| The reason was probably that no one ever needs to delete
| just a subset of cookies from a site. I certainly never
| have, and I'm a pretty technically-minded user. (Other than
| for development, in which case I'm using dev tools anyway.)
| [deleted]
| IIsi50MHz wrote:
| Counterpoint: I've many times had to fix presentation of
| or access to a site by purging just specific cookies. Two
| sites that have previously had these problems are
| RingCentral's web interface and AutoTask. Maybe a dozen
| or more others, but admittedly not many...however, when
| I've needed it, the problem has been persistent,
| requiring multiple fixes per day, over a few consecutive
| days or or even a couple weeks.
| SquareWheel wrote:
| Needing to delete specific cookies does arise
| occasionally, and we have dev tools or the cookie viewer
| under the lock for that.
|
| However, needing to delete those cookies without first
| viewing the page due to side effects - that is a very
| niche use case.
| xemdetia wrote:
| Is it? I feel like most of my atrocious cookie hand fix
| cases end up being broken redirects where you get
| redirected to some new url that errors, so loading the
| page doesn't help to get rid of the offending cookie.
| SquareWheel wrote:
| That would be an atrocious bit of engineering from the
| developer. But I suspect that even in that case, holding
| Escape as you load the page would kill the redirect.
| TheGoddessInari wrote:
| Not who you were responding to, but I've had that happen
| on Microsoft flows.
|
| Manually interrupting most flows is practically
| impossible. Too fast, and can chain across a half dozen
| (sub)domains near instantly. The web hasn't been that
| slow or simple in a long time.
| happymellon wrote:
| > I've had that happen on Microsoft flows.
|
| Yes, as mentioned, from atrocious engineering.
|
| See also that Windows can break the desktop due to their
| own advert.
| DangitBobby wrote:
| The feature was already created. What could be the harm
| of keeping it?
| jhoechtl wrote:
| I think they prepare for cookieless in favor of FLoC.
| gsich wrote:
| Why Safari? The only sane choice is Firefox.
| kmonsen wrote:
| Vivaldi? I certainty trust the people behind that one.
| brnt wrote:
| In those network analysis comparisons they didn't score
| well. And, they're sorta half open source, which is a bit
| weird. I can't say the facts bear their credentials out.
| takeda wrote:
| Same engine, they can cripple it easily.
| mynameismon wrote:
| Sure, but a lot of features in Vivaldi run separately
| from Chromium (like sideloading extensions). I don't see
| how they would be accepting this change into their fork.
| kortex wrote:
| Or Brave. Safari gives me too many issues. Brave has all the
| compatibility you'd expect from chromium.
| techrat wrote:
| Brave is just a shitcoin mining, referral link hijacking
| reskin of Chrome.
| brnt wrote:
| By default it doesnt, and although I'd certainly advise
| going over all Brave's settings once, then you have the
| safest (as in not outdated like some other privacy forks)
| and privacy respecting Chrome based browser around.
| m0zg wrote:
| They also run the only decent, independent search engine
| that has _its own_, _uncensored_ index. DDG was
| perceptibly worse than Google, but Brave Search is about
| on par, and the latency seems to be better as well. I
| maybe have to go to Google once or twice a month now
| instead of several times a day DDG would require. I know
| a bit about Google search, and frankly I'm stunned by
| what Brave was able to pull off here.
|
| I'm actually not against Firefox either, but they refuse
| to implement a profile switcher, and I need one to be
| able to fully and unambiguously isolate my work and
| personal accounts. What's particularly grating is that
| they already have profile support. Just not the UX to
| switch the profiles without pain.
| klipklop wrote:
| Don't understand the downvotes, but brave search is a
| pretty decent product so far. Competition is always good,
| especially in the area of search.
| m0zg wrote:
| The founder of Brave was canceled by the left for his
| religious opposition to calling gay unions "marriage".
| FWIW, I voted to call it that in my state, but I have no
| problem with someone holding a different opinion. That's
| sorta how democracy works. People get to have different
| opinions and then duke it out by voting. The
| authoritarian left can't have that, you must prostrate
| yourself before the one true dogma completely.
| dotancohen wrote:
| Any mention of Eich gets downvoted to hell, it's part of
| the "cancelling".
|
| Parent is 100% correct.
| dragonwriter wrote:
| > The founder of Brave was canceled by the left for his
| religious opposition to calling gay unions "marriage".
|
| Insofar as he was opposed by "the Left", it was for his
| _political_ actions in opposition to equal rights. The
| religious basis of that action was probably important to
| Eich, but it was immaterial to the opposition.
|
| > FWIW, I voted to call it that in my state, but I have
| no problem with someone holding a different opinion.
|
| Good for you.
|
| > That's sorta how democracy works.
|
| In a _liberal_ (in the classical, Enlightment-derived
| sense, not either of the narrower senses it is used for
| factional positions _within_ the US political system)
| democracy, you are _absolutely_ permitted to have a
| problem with, and (peacably) take action based on such a
| problem, with unwelcome political actions, including
| actual or threatened refusal to participate in economic
| exchanges with the perpetrator.
| m0zg wrote:
| This kind of thinking can go quite far if taken to its
| logical conclusion. The question therefore is, do _you_
| want to live in a world where everyone is fighting
| everyone else over the most irrelevant of actions or even
| wrongthink? I know I don't.
|
| I much prefer to be persuaded to vote for or against
| something than have to state my opinions under the barrel
| of a proverbial gun. After a free and fair election, I
| accept the results and move on, even if things do not go
| my way. Seems more civilized and less painful than all
| known alternatives.
| dragonwriter wrote:
| > This kind of thinking can go quite far if taken to its
| logical conclusion
|
| The logical conclusion of it being permitted is...that it
| will be done when the utility of the impact it is
| perceived as likely to have outweighs the perceived
| disutility of the protest action, including any
| beneficial exchange foregone. Which is, all in all, not
| very much, which matches pretty well with observed
| behavior.
|
| > After a free and fair election, I accept the results
| and move on, even if things do not go my way
|
| Well, when there is a free and fair election to strip you
| of fundamental liberties, and you lose, try to keep that
| attitude in mind.
| m0zg wrote:
| Bet it looks like that if your "protest action" is
| confined to Twitter and TikTok. From where I sit, your
| "protest action" over the past year achieved NEGATIVE
| results. Murders and crime are UP. Segregation is UP.
| Racial strife is UP. I fail to see the "impact" other
| than several billions in damage, rising crime, and a
| senile octogenarian in the White House, who is the direct
| cause of incarceration of hundreds of thousands of
| African Americans due to his own misguided "legislation"
| from the 80s. Wonderful, wonderful "impact".
| Closi wrote:
| I've just tried brave search and it does seem to be a
| good product actually - my only concern with all these
| providers is what is the monetisation strategy will be
| (Brave has called out ads, but it's not in their product
| at the moment). Looking at Brave's monetisation strategy
| for their browser it seems pretty shady (effectively
| steal the revenue from site owners for referral links and
| replace the websites ads with their own ads). They
| haven't tried monetising search yet so - Brave if you are
| reading this - please please please choose a different
| monetisation strategy and use the opportunity to be
| different to Google!
|
| I would love a company like DuckDuckGo or Brave to offer
| a _paid_ tier where I can just subscribe to an ad-free
| search engine (I would love Google to offer a 'Google
| Premium' with this, but let's be real that's not
| happening!).
|
| i.e. If you are competing with Google by releasing a free
| search engine with Ads, you have to provide better search
| results with Ads mixed in than Google which will be
| tough. If you found a monetisation strategy that didn't
| involve Ads, theoretically it should be easier to offer a
| better quality search result and better quality product
| than Google (because you are actually focussing on
| delivering the best quality results rather than the right
| mix of good-results and Ads to optimise revenue).
| m0zg wrote:
| So would I. I'd gladly and voluntarily pay, say, $10/mo
| for a family subscription, paid with crypto. I'm not sure
| why they aren't offering that.
| Closi wrote:
| Yeah, I don't see what the downside is either.
|
| For companies - It doesn't sound too hard to implement
| and seems like it would be a good source of revenue. Plus
| paying subscribers will be more 'loyal' in terms of
| moving their searches across.
|
| For users - you get more of a guarantee that the
| companies statements about privacy and impartiality are
| true, because there is less incentive for them to break
| that.
| m0zg wrote:
| Especially considering that crypto is already built into
| their browser.
| etc-hosts wrote:
| > I'm actually not against Firefox either, but they
| refuse to implement a profile switcher
|
| https://davemartorana.com/multifirefox/
| happymellon wrote:
| Multi-firefox is great, but is unfortunately Mac only.
| commoner wrote:
| Alternatively, Profile Switcher for Firefox provides a
| Chrome-like interface:
|
| https://addons.mozilla.org/en-US/firefox/addon/profile-
| switc...
| happymellon wrote:
| I couldn't tell from the link, but does it let me run two
| profiles side by side?
|
| This is the only thing that makes FF awkward for me when
| not using a Mac.
| tombrossman wrote:
| You can bookmark about:profiles and click "Launch profile
| in new browser" under each profile to open it in a new
| Firefox window.
|
| If you are using GNOME desktop you can also try this to
| integrate the profiles into the launcher. I wrote it when
| still using Ubuntu but I'm on Fedora now and it's the
| exact same steps:
| https://www.tombrossman.com/blog/2020/launch-firefox-
| profile...
| commoner wrote:
| Yes. With the extension, you can launch any other profile
| and a new window under that profile will be opened. There
| is no limit to the number of profiles that can be
| simultaneously active. The extension menu also lets you
| add, remove, and edit profiles.
| oshanz wrote:
| Isn't the containers does the same job?
| https://addons.mozilla.org/en-US/firefox/addon/multi-
| account...
| m0zg wrote:
| Does not isolate logins/passwords. A requirement for what
| I need it to do.
| mr_toad wrote:
| These days Google just takes you to the site with the
| most ads. The quality of the search results has nosedived
| in the last ten years.
| PostThisTooFast wrote:
| And they took away the ability to block specific sites
| from search results, so you're forced to wade through all
| the search-term-harvesting spam sites. The best example
| is the ones that simply republish StackOverflow content.
| Screen upon screen of them.
|
| Oh yeah, and Google got rid of the "+" sign that used to
| let you require the presence of a word in results,
| allegedly because of their "Google Plus" crap. Now that
| that's dead and gone, did they restore the "+" operator?
| Nope. Now you have to discover (and bother with) the
| "allintext:" prefix.
| m0zg wrote:
| Not just "today". In late 00s folks at Microsoft Bing
| noticed that every time they'd release relevance
| improvements, Google within a couple of days would boost
| its search relevance just enough to stay a pace ahead.
| The running theory at MS was that they had a lot of gas
| in the tank relevance-wise, but artificially hobbled it,
| so that it's just above Bing's. Why? Because fewer people
| will click on the ads if the results are _too_ relevant.
| They'll click on the links instead.
| techrat wrote:
| Stop drinking the kool aid, buh.
|
| If you have to go over the settings... A safe, privacy
| respecting browser wouldn't resort to any shady tactics
| in the first place.
| brnt wrote:
| I'm not drinking any koolaid, I just have not found
| anything better, apart from Firefox.
| nyolfen wrote:
| brave's default settings are almost certainly exactly
| what a privacy-oriented person would choose. it does not
| mine crypto, and it only pays you in crypto to view
| notification ads if you opt-in. i even gave the ads a
| shot but decided it wasn't worth the $2 a month or
| whatever, so now i just have a maintained, de-googled
| chrome, which is basically a description of the optimal
| browser in 2021. does firefox ask you if you want to
| install pocket yet?
| gsich wrote:
| If Brave is keeping Chromium updated, then it is possible
| that this will effect them also.
| sumedh wrote:
| I dont know much about Brave but thinking of moving to
| Brave on Mobile for ad blocking. Is Brave trustworthy for
| saving my Google credentials and credit card in the
| Browser?
| nyolfen wrote:
| imo the adblocker isn't as good as ublock, which you can
| install anyway, so there's no major advantage there. the
| good part about brave is that you get the benefits of an
| up-to-date chromium browser without google recording your
| activity. you can take or leave the rest of the stuff,
| but there are a couple of neat extras like tor support
| for incognito and auto-detecting 404s and linking to
| archive.org.
| kQq9oHeAz6wLLS wrote:
| Also check out Bromite, which is chrome with ad blocking
| for android.
| mr_toad wrote:
| > Why Safari? The only sane choice is Firefox.
|
| I use Safari because of keychain and continuity. For example
| my Mac Mini can autofill 2FA tokens sent to my phone.
|
| I use Firefox for web development and for sites I don't trust
| and don't want tracking me.
|
| I only use Chrome for Gmail and YouTube.
| bigsisl wrote:
| Is there any other reason then in case of using a mac OS?
| happymellon wrote:
| I use Firefox mobile because it provides the best YouTube
| experience.
|
| Adblocking, background playback.
| officeplant wrote:
| From the blog it sounds like Chrome's will be in a similar
| state after the update. Just another thing I'll have to
| navigate to in a tedious manner.
| fartcannon wrote:
| Use Firefox?
| Datagenerator wrote:
| I'm into watching telemetry data using tools like Pihole,
| Wireshark, DNSLookupView. Firefox is the only browser which
| does not invoke spontaneous connections and gives the user
| the Freedom to inspect and clear the cookie data. Google
| notoriously creates VPN tunnels to hide what it is sending
| and receiving. Your browser preference might determine many
| people's privacy if the narrative is limited to not so
| important things to me like speed and ease of use.
| yunohn wrote:
| > Google notoriously creates VPN tunnels to hide what it
| is sending and receiving.
|
| I've never heard about this, could you provide a source?
| Datagenerator wrote:
| The due diligence starts with research on the topic
| 1e100.net for example
| https://superuser.com/questions/75841/what-is-1e100-net-
| and-...
| notafraudster wrote:
| No comments I can see there seem to address VPNs; one
| notes that if you DNS block one of their domains, they
| connect via IP. But there's no discussion of VPN tunnels.
| I made sure to view all comments. Do you think you could
| forward a link that makes that claim?
|
| Unless you just mean that sending data over plain HTTP to
| these servers is in some sense a VPN tunnel because the
| resulting servers could forward it elsewhere?
| yunohn wrote:
| I don't see the VPN claim either, as expected.
|
| Most HN comments about these topics are plain FUD, and
| despite mentioning a bunch of intricate networking tools,
| the commenter still fails to address reality.
| xqyf wrote:
| Sure, both browsers have developer tools. This is much more
| opaque than a Settings menu.
| a3n wrote:
| What a weird design. Listing and viewing would often be done
| when you want to "clean things up, but not everything.
|
| Disclosure: never used or saw safari, and i don't have a mac,
| nor the mac nature.
| kiliancs wrote:
| What is the mac nature?
| gopher_space wrote:
| It's either an internally consistent UX or matching belt
| and shoes, depending on who you ask.
| PostThisTooFast wrote:
| Or cafe-oriented hipster douchebaggery, depending on whom
| you ask.
| ashtonkem wrote:
| Safari is also generally trending in the right way, while
| Chrome is headed in the wrong way.
| Bellamy wrote:
| Why so?
| butz wrote:
| We're coming up to times where websites are encrypted binary
| blobs and only browser who can open them is Chrome. And you have
| to provide your personal data, to access them, of course.
| arathore wrote:
| It's not even a niche use cases, many times IT teams would
| suggest deleting the cookies and cache for a specific site to
| overcome common login issues.
| alisonkisk wrote:
| The ranting in this post's HN comments is ridiculous.
|
| If you don't trust a site, delete its content or block it. It's
| not an invasion of your privacy because the UI doesn't let you
| pick apart the individual bits of encoded gobbledygook in the
| cookies.
|
| You need Dev Tools to make sense of cookies, and Chief provides
| that.
| zxspectrum1982 wrote:
| Why do browsers insist on alienating their users?
| gerash wrote:
| Looks like a reasonable change. Individual cookies are website
| implementation details that's only useful to the website
| developer.
| bugmen0t wrote:
| Regardless of the motivation behind this change, bear in mind in
| whose interest the company and browser is working: The
| shareholders.
|
| I can only think of one high-quality browser that belongs to a
| non profit. Mozilla Firefox. All money earned with it goes back
| to the browser. Sure, I've heard that executive may have been
| paid a subjectively "too high" salary and however true that may
| be: So far, no Executive who would actively question the mission
| and the core privacy principles has been able to stay for long.
|
| The web is the most open, most unowned application platform out
| there. It's too important for single-vendor control.
| londons_explore wrote:
| How many users are there who want to delete some but not all
| cookies for a site, yet aren't able to use the F12 developer
| tools to do so?
|
| I can see some users delete cookies to prevent tracking, but
| should those users really be deciding which cookies to keep and
| which to delete when nearly all cookies have very user unfriendly
| names and data contents?
|
| Given that, I agree with the Chrome team here. There shouldn't be
| a general-public UI to manipulate individual cookies, since
| making a mistake is very likely and leaks the user's private
| info. Power users can use the F12 tools.
| indymike wrote:
| > There shouldn't be a general-public UI to manipulate
| individual cookies, since making a mistake is very likely and
| leaks the user's private info. Power users can use the F12
| tools
|
| Um, I'm pretty sure deleting a cookie or too isn't going to
| leak my private data. If it does, it is because some third
| party website defaults to doing the stupidest thing possible.
| londons_explore wrote:
| The leak is that you think you've deleted the right tracking
| cookie, but since the site uses 20 cookies for tracking
| different kinds of state you haven't.
| phone8675309 wrote:
| Sounds like Chrome is moving more toward being a surveillance
| tool and ad delivery platform that also browses the web (well,
| more than it is right now anyway).
| minikites wrote:
| That's what happens when a browser made by an advertising
| company becomes dominant.
| booi wrote:
| It's more and more obvious we need competition in the browser
| space. Firefox as an excellent and performant alternative.
| Personally I use Chrome for work and Firefox for personal
| stuff.
| coldacid wrote:
| Firefox, and the Mozilla organization itself, has its own
| fair share of issues.
|
| I really wish more people would look at and help develop
| NetSurf[0] or other lightweight browsers with their own
| layout engines More importantly, I wish that regular users
| would stop going with the 900 pound Chromium/Blink gorilla,
| and instead use a greater variety of browsers/engines. This
| browser monoculture is just pure death.
|
| [0]: https://www.netsurf-browser.org/
| nichos wrote:
| It will need Windows support to gain any real traction.
| gaoshan wrote:
| I've had decent luck with Vivaldi lately.
| nicce wrote:
| Please note, that it is Chromium based as well.
| vimy wrote:
| Why not use Edge if you need to use a chromium based browser?
| krono wrote:
| It's like Chrome, but better in pretty much every way.
| Never thought I'd say this but Edge is actually pretty
| good!
|
| Very frequent and large feature updates, deepening
| ecosystem integration that uncharacteristically doesn't get
| the way if you don't use it.
|
| I always get a bit anxious when one of these massive
| enterprises suddenly gets up and starts moving with
| newfound focus, and MS is pretty much sprinting on Adderall
| at this point.
| anizan wrote:
| I use edge on Windows and it never gets in the way like
| Chrome. No annoyance whatsoever and felt zippier too
|
| Unfortunately on Mac, I have to run some JS heavy apps
| and Firefox's performance on those is dismal. Jetstream
| benchmark for Chrome is 102 vs Firefox at 65.
| murderfs wrote:
| I refuse to use it out of spite in response to how hard
| Microsoft has tried to force Edge down everyone's throat:
| resetting the default to Edge after a windows update,
| making start menu searches go to edge regardless of the
| default browser, etc.
| [deleted]
| core-e wrote:
| Do other Chromium based browsers like Brave count? Or do they
| need be completely separate browser architectures like
| Firefox and Opera?
| MiddleEndian wrote:
| Opera uses Chromium nowadays.
| sebow wrote:
| Google has being a surveillance tool since it's inception, they
| cannot work without accumulating and/or embedding people's
| data.
| AJ007 wrote:
| It's been that way since they forced logged you in on Chrome
| whenever you logged in to any Google website.
| iamfbpt wrote:
| Hope brave does the same as soon as they can.
| Ajedi32 wrote:
| Seems reasonable. If you want detailed information about the
| contents of individual cookies that's what developer tools are
| for. A simple "clear data" button seems far more usable for
| normal users.
| iamfbpt wrote:
| Hope Brave Browser does the same asap.
| NVHacker wrote:
| Anyone still uses Chrome for personal stuff ?
| travoc wrote:
| No, my household has shifted everything to Brave or Safari with
| AdGuard.
| nicce wrote:
| Brave is also developed by yet another ad based company, and
| is also Chromium based.
|
| I'm not so sure if grass is greener on this site, as the
| money always decides in the end.
| propogandist wrote:
| It's an operation that still need their bills paid. It's
| created and run by the guy that created firefox and
| javascript, I'd rather trust him than a publicly traded
| advertising company that generates 80% of its revenue by
| harvesting user data and influencing search results.
| nicce wrote:
| There is no denying he is innovative, but his morals or
| principles are not very pure. There is a reason why he
| left Mozilla and why some actions of Brave are quite
| questionable.
| 1vuio0pswjnm7 wrote:
| "As far as I know, there's been no public discussion of this
| change, and Google employees may have accidentally leaked the
| information to me in my innocuous bug report."
|
| There are constant changes to Chrome and these get pushed out in
| "updates" to selected groups of users, aka "Field Trials". I have
| never seen any public discussion of any of these changes prior to
| including them in automatic updates. What makes this change to
| user control over site data any different. In fact, I can recall
| years ago Chrome used to let users change Javascript and Cookies
| settings on a global or per site basis, and from the Address Bar
| not only a "Settings" page. Then, without any discussion or
| debate amongst end users, Google changed Chrome. (Note Javascript
| is needed to store site data via "LocalStorage".) Today, in
| "Guest mode" on a Chromebook, it's impossible for the user to
| disable Javascript or Cookies globally in Chrome. Being logged in
| to the Chromebook is a prerequisite for globally disabling
| Javascript or Cookies. There is never debate on these design
| decisions. These are dark patterns. How effective are user
| complaints at influencing Chrome development. Please cite
| evidence. Perhaps what we need are user-controlled solutions.
|
| Side note: I can remember a time when it was considered a
| monumental task to get the entire web-using population to
| download a new/updated web browser. Almost like a flag day.
| Today, there is no need for a campaign to get users to "install
| the latest version of [web browser]." The concept of automating
| updates is great, but I am not a fan of today's software using
| "automatic updates" because the way in which developers are using
| it is user-hostile.
|
| "In my opinion, this change is very unwelcome. It takes away a
| lot of information and control from the user. For what benefit?"
|
| BEGIN Devil's advocate/"Google's advocate"
|
| Since this is "the orange site", usually it begins with something
| like, "Googler here. Opinions are my own not Google's."
|
| Our confidential studies show that individuals like the blog
| author comprise a minority of Chrome users. The majority of users
| are not aware of such "issues"; they do not publish blogs or give
| feedback to Google. By all accounts the majority remain satisfied
| with Chrome as they are not switching to alternatives. We have
| dominant market share. Our focus is on delivering the best
| experience for users. Lucky for us, this also happens to be the
| best experience for our customers, advertisers, and therefore the
| best outcome for Google. Its win-win-win. It would not be an
| efficient use of our limited resources to offer a version of the
| Chrome browser (e.g., field trial) that met the requirements of
| this blog author, but failed to meet the evolving requirements of
| Google. Altough we provide free services to our users, we are a
| business not a charity. If we fail, then the entire world
| suffers. However we are continually experimenting with
| improvements to the browser, e.g., based on lawsuits that
| governments file against us, and we are testing them on various
| segments of our user base, without needing the user's prior
| approval for every update. We believe this is the best use of
| Google's limited resources.
|
| END Devil's advocate/Google's advocate
|
| The orange site commenter's task should be to refute the Google
| advocate (or defend it). Or even better, give us a more
| entertaining/thought-provoking Devil's advocate. A fundamental
| rule of negotiation is that if one can understand the other
| side's arguments, then she will be far more effective at
| advancing her own arguments. ("It's difficult to determine
| Google's motivation for this change." Maybe that's intentional.
| Maybe Google does not want to open these decisions up for
| "debate" or negotiation with those affected, i.e., end users.)
|
| "I hope to spur a public debate about it and give some pushback
| to Google before they make too much "progress" on the change in
| Chrome."
|
| Good luck. Can someone remind us when that has ever worked before
| in bringing about changes by Google for the sole benefit of
| users.
|
| With Privacy Sandbox/FLOC, it appears that debate did stop _other
| browsers_ from adopting it, but it did not stop Chrome from
| adopting it.
|
| The more interesting question IMO is what are the possible
| solutions and how well do they work in practice. For example,
|
| 1. Stop using Chrome
|
| 2. Use some Chrome extension that "solves" the problem
|
| 3. Complain about Chrome on a blog or in a forum and hope for the
| best
|
| Personally, I have chosen to control site data outside the
| browser, using a forward proxy. The proxy software does not
| automatically update itself, it does not run "field trials", and
| it is not being sued by dozens of goverments. I do not have to
| make complaints on a blog to try to influence its development.
| Unlike a web browser from an online advertising funded entity, I
| have reasonable control over the operation of the software.
| Through the proxy I can control browsers like Chrome, including
| headers such as cookies and clear-site-data
| (https://developer.mozilla.org/en-
| US/docs/Web/HTTP/Headers/Cl...). Nonetheless, I fully subscribe
| to #1 as the current best solution.
| 1vuio0pswjnm7 wrote:
| s/and it is/and its sponsor is/
| SLWW wrote:
| Firefox Nightly is a pretty good browser imho
|
| Also it just so happens that there are extensions that allow you
| detailed (read: raw and editable) cookie data for each website
| you visit!
| deathanatos wrote:
| I use & love Firefox, too, but do note that the author's
| criticism directly applies to it, too: AFAIK, FF will not show
| you the individualized cookies, or all you to act on them
| individually.
|
| Now, as you say, you can download an extension (and indeed, I
| do!), but I think there is some merit to it being in the base
| app. (E.g., not having to trust an extension. But also, it's
| part of _Firefox_ 's data, and FF should provide decent tooling
| for itself.)
| prox wrote:
| I don't think so, but can't test right now, pretty sure I
| deleted cookies and a cache for one particular domain
| recently.
| Sebguer wrote:
| The chrome change doesn't stop you from being able to
| delete cookies and cache for individual domains, it's the
| ability to inspect _specific cookies_.
| acabal wrote:
| That data is available in the developer tools, under the
| Storage tab. Individual cookies can be viewed, edited, and
| deleted. Not very useful for the average user, but the option
| is there and I doubt the average user even knows what cookies
| are, except that they're something you constantly have to
| click "yes" to nowadays.
| yborg wrote:
| Firefox used to show individual site cookies in the Manage
| Data dialog, this was removed at some point.
| kenhwang wrote:
| I'm running the latest developer build and it still has
| this. It only shows number of cookies by domain and allows
| deletion by domain, and you'd have to use dev tools if you
| wanted to look at or delete a single individual cookie.
| KORraN wrote:
| > I'm running the latest developer build and it still has
| this.
|
| Hmm, are you sure about that? IIRC, Firefox 90 had
| ability to remove cookies per exact subdomain in that
| view (i.e. account.google.com), since version 91 there's
| only an option to remove cookies for whole google.com
| domain...
| n3dm wrote:
| For what it's worth, Firefox's official abbreviation is Fx,
| not FF.
| konspence wrote:
| Minus the routine kernel panics it's causing on my M1.
|
| Or is that defective hardware?
| nsajko wrote:
| How can you blame a kernel panic on an unprivileged userspace
| program? That doesn't make sense. I.e., Firefox can maybe
| _trigger_ a kernel panic, but the blame lies either with the
| kernel or, indeed, with defective hardware.
| [deleted]
| cpmsmith wrote:
| You don't even need extensions, that's available in the stock
| developer tools. Though you have to be on the site at the time
| to access it.
| einpoklum wrote:
| Firefox crippled extension support several years ago, denying
| them access to the internal APIs for JS code.
|
| ... this, despite the fact that all the APIs are there, and
| internally, FF is essentially a bunch of "chrome extensions"
| on top of the C++ core. That is, the only thing that was
| removed was the ability to _load_ extensions.
|
| FYI.
| derefr wrote:
| Anyone here ever wanted a UI outside of the Devtools for deleting
| individual keys out of a site's localStorage?
|
| No? Didn't think so.
|
| If this individual-cookies-manager settings page didn't already
| exist, would you think it worth it to introduce one? More worth
| it than an individual-localStorage-keys-manager (which clearly
| nobody is scrabbling for)? If so, why?
| rtpg wrote:
| Ummm loads of time I end up in weird redirect loops that I
| solve by deleting cookies one-by-one.
|
| When dealing with cookies I don't want to just wipe all of
| them! Sometimes I just want to deal with some of them. Not as a
| developer but as a user of the SSO multidomain 20-redirect
| hellscape
| derefr wrote:
| Maybe you didn't understand the rhetorical intent of my
| question. Let me restate.
|
| There are _just as many_ weird problems with websites that
| _cannot_ currently be fixed in this "pick and choose"
| manner, because the corrupted state is a single key in the
| site's localStorage. Instead, the current solution is "blow
| away the site's localStorage as a whole." (And, in fact, it's
| usually even less granular than this; you'd usually hit
| "clear Storage" in the Devtools, blowing away localStorage,
| AppCache, and a number of other things, all at once.)
|
| Sites' localStorage is thought of as a kind of opaque per-
| site database--not something to be picked through by users,
| but rather something that's either in a valid state, or in a
| corrupt state where it should be purged.
|
| And, as far as I know, that paradigm has been working just
| fine for everyone! Nobody knows enough about a site they
| didn't develop themselves to make a change to a single key in
| a site's localStorage that will take it from a corrupt state
| to a valid state. The average user--even the average
| developer--is only likely to corrupt the state further, by
| making changes roughly at random. We all just "purge
| localStorage" as one of the "the site is doing weird shit"
| debugging steps, and never ask for a finer scalpel than that
| --because that fine scalpel would essentially be akin to
| picking through the site's memory one raw address-value pair
| at a time. There'd be no _context_. It 'd be useless, unless-
| and-until you went through a laborious brute-forcing process.
|
| It's great that you've figured out how to delete particular
| individual cookies for a site, but you must realize that you
| _learned_ what worked in each case by brute-force trial and
| error, in ways that likely corrupted the site 's state
| innumerable times before you created a new valid state. That
| what you were doing was essentially akin to creating a Game
| Genie code for the website, poking and prodding at its
| (opaque!) memory in the hopes that you'll get a useful
| result, rather than a program crash.
|
| And the argument being put forward in this comments section,
| is that the _mindset required_ to create a Game Genie code or
| something like it, automatically implies that the right
| "home" for said process is the Devtools UX anyway. The
| Devtools UX gives you the tools needed for _iteration and
| experimentation_ (a REPL; a live view of the site as you poke
| at it; etc); while the Settings UX is for knobs and switches
| where you _know_ what button you want to press from the
| start, and just need an efficient navigation hierarchy that
| will let you find it and press it.
|
| By deleting individual cookies within a site's cookie jar,
| you're _debugging that site_ --poking and prodding at it
| iteratively--whether you call it that or not. So why expose a
| secondary, _non_ -iterative interface for doing so? You'd
| just be encouraging people to do an inherently-iterative
| process _more painfully_ by using a non-iterative interface.
| notatoad wrote:
| i typically access this information by clicking the lock icon in
| the URL bar. is that going away too, or just the version in the
| settings page (which i didn't know existed until now)
| sschueller wrote:
| What the hell happened to Google? Who are these complete idiots
| running the show?
| edoceo wrote:
| You may have forgotten: Cash rules everything around me. CREAM!
| Get the money man! Dolla dolla bill y'all.
|
| Wu-Tang is forever.
| sumtechguy wrote:
| That is the rub though. The dialog to do this is basically
| 'done'. This means someone spent time and money to make this
| 'go away'? Why? Just leave it be seams reasonable?...
| coldacid wrote:
| Because Google figures, and they're probably correct, that
| removing it would prevent the average luser from even
| considering that they could take these privacy-friendly
| steps in the first place, which ends up putting more money
| in Google's pockets from the advertisers.
| micromacrofoot wrote:
| when you've eaten everything you've got no choice but to start
| eating yourself
| da_chicken wrote:
| The same idiots looking ad and data mining revenue, and then
| seeing what their customer's demands are.
|
| Their customers being the ones who are buying services from
| Google.
|
| Not you.
|
| You're the _product_.
| beerandt wrote:
| Tired of this excuse.
|
| If the audience is the product, Google still has an interest
| in selling a quality product. That means not running off more
| and more of the most tech savvy "product" segment.
| brezelgoring wrote:
| "Tech savvy" and "not tech savvy" are just 2 of hundreds if
| not thousands of tags put in your info, to steer it into
| the proper SALE buckets.
|
| The 'you are the product' adage is true, but there isn't a
| single quality you can have that makes you stand out from
| thousands if not millions of others. Advertising is a
| numbers game for them.
| beerandt wrote:
| Yeah, but there's an interest in keeping those numbers
| around, and they have a disproportionate influence.
|
| Who does grandma or cousin Bob call to "fix" their
| computer? Who's controlling what browsers get installed
| on corporate networks and at elementary schools? Or
| picking the online class systems (and compatible
| browsers) at universities?
|
| They run off more than the one segment they piss off.
| ComputerGuru wrote:
| > If the audience is the product, Google still has an
| interest in selling a quality product.
|
| Not if they are the only ones left in the game.
|
| Under Google's tutelage, the scope and complexity of the
| web has grown to where it's near impossible to create an
| alternative from scratch.
| throw_m239339 wrote:
| The advertisers are the customers, your data is the
| product.
| da_chicken wrote:
| > Tired of this excuse.
|
| When it stops being true, it will stop being trotted out as
| the explanation for why Google keeps making their browser
| better for their ad revenue business.
|
| > If the audience is the product, Google still has an
| interest in selling a quality product. That means not
| running off more and more of the most tech savvy "product"
| segment.
|
| Why do you think the most tech savvy segment is the target
| audience? Do you have any idea how many advertising dollars
| there are in the 12-17 and 18-24 brackets?
| beerandt wrote:
| >Why do you think the most tech savvy segment is the
| target audience?
|
| Tech savvy doesn't equal hn users.
|
| You think teenagers and college kids aren't using ad
| blockers or selectively clearing browser history?
|
| There are tech savvy users across all marketing
| demographics.
|
| >When it stops being true, it will stop being trotted out
| as the explanation
|
| It's not really an explanation, though. It's a half-baked
| observation.
|
| Movie theaters make money on concessions, but need the
| good movies to draw a crowd.
|
| Dealerships make their money on service, but still need
| to sell cars to get that customer base.
|
| Even if it's true by some skewed definition, it's mostly
| irrelevant.
|
| It implies that it doesn't matter what they do to users,
| and have no interest in keeping them satisfied, and
| that's false. They might want to increase ad business,
| but that don't do that by allowing users to slowly
| trickle to alternatives. Look at firefox's fall from the
| top. There wasn't a breaking point, but a constant
| trickle due to usability and performance.
| dylan604 wrote:
| >That means not running off more and more
|
| Googs: Fine, where are you going to go instead?
|
| FB: Fine, where are you going to go instead?
|
| Insta: see above
|
| Twit: see above
|
| These people are just fine without the 10 devs that might
| throw a hissy. (technically 9, because I have to count
| myself)
| nobody9999 wrote:
| >If the audience is the product, Google still has an
| interest in selling a quality product. That means not
| running off more and more of the most tech savvy "product"
| segment.
|
| I'd say there's an argument to be made for pushing out the
| tech savvy from using Chrome.
|
| Compared to the total user base, those folks are a tiny
| minority who often cause problems by complaining about
| privacy invasions and develop/use privacy focused
| extensions.
|
| Why would Google want the small group of folks who draw
| attention to and sometimes (gasp!) create extensions that
| limit the ability of Google and Chrome to track/monitor the
| product herds?
|
| If the folks who actually have a clue as to what Google is
| up to and how they're implementing it are driven away from
| Chrome, there will be fewer folks implementing privacy and
| related extensions for Chrome.
|
| Anheuser-Busch doesn't care that a professional brewer is
| unlikely to buy cases of Bud Light. In fact, I'm sure
| they'd prefer they didn't, as that would likely invite
| negative feedback from those folks.
|
| Having a docile, uninformed pool of "product" to be sold to
| advertisers gives Google the opportunity to implement more
| and more tracking/advertising features into Chrome with
| less pushback from the "product" is likely seen as an
| unmitigated good by the rapacious and unethical scum who
| want ever more tracking/monitoring in browser-based
| interactions.
| ByteJockey wrote:
| Except that tiny minority includes nearly all developers,
| the people that make things to put ads on.
|
| To extend your analogy, it's not Anheuser-Busch pissing
| off the brewers. It's Anheuser-Bush pissing off all the
| hops farmers.
|
| Google's in the same position Microsoft was in the 00s.
| They don't make most of the stuff people actually want to
| use. You piss off the people making the stuff, eventually
| they start making stuff elsewhere.
| nobody9999 wrote:
| >Google's in the same position Microsoft was in the 00s.
| They don't make most of the stuff people actually want to
| use. You piss off the people making the stuff, eventually
| they start making stuff elsewhere.
|
| I hope you're correct about that. That said, I won't hold
| my breath.
| mark_l_watson wrote:
| A bit off topic, but I frequently just delete all cookies on all
| browsers on my devices. Since I just use Safari on
| iOS/iPadOS/macOS and Chrome on Linux, this is such a quick thing
| to do.
|
| I also try to make using a private browser tab or page as my
| normal way to do web browsing.
| melbourne_mat wrote:
| Agreed. Duck Duck browser on Android has a very prominent
| "burn" button next to the URL bar which deletes everything.
| It's great!
| nichos wrote:
| Same with Firefox focus on Android. Has a trash can ready to
| reset the browser.
| antisthenes wrote:
| It's hard to tell from the article, but aren't detailed cookies
| still available through dev tools?
| grishka wrote:
| You don't even need the dev tools -- you can view individual
| cookies by clicking the lock icon in the address bar and then
| "cookie settings".
| antisthenes wrote:
| Yeah, but if that's the case, then I'm completely lost about
| what's getting removed from Chrome?
| ehsankia wrote:
| In my experience cookie control in Chrome have always sucked.
| There's barebone support in dev tools but everyone time I've
| wanted to do anything serious, I've always relied on more
| powerful cookie editing extensions.
| [deleted]
| [deleted]
| flippinburgers wrote:
| This is just a move to obfuscate understanding of cookies per
| website. Weird.
| putlake wrote:
| I regularly use site-specific controls, mostly for Javascript.
| Let's hope Edge retains it.
| foota wrote:
| I don't get why people think this is a move with some agenda,
| most likely they just don't think enough people use the single
| cookie deletion functionality to warrant having it in the
| settings vs the dev tools.
| [deleted]
| BHSPitMonkey wrote:
| The hyperbole in this thread is insane. I would wager that none
| of the furious "this is pure evil!" commenters in this thread
| even knew this particular settings page existed before today
| (and I'd bet they still don't know the information is already
| exposed in the URL bar).
|
| Nobody who isn't a web developer is out there trying to guess
| what individual cookie names/values mean or wants to delete
| individual ones. At most, they just want to be able to clear
| them per-site (or across the entire browser).
|
| Anyone else will use the Developer Tools UI that's better
| suited for the task.
| jychang wrote:
| Deleting cookies for a group of sites is essential, though,
| and they're removing that.
|
| Think facebook.com, fbcdn.net, etc.
|
| I end up having to delete cookies for Cars.com every other
| week, because sometimes the search function would corrupt
| something and every page would return a blank white screen.
| BHSPitMonkey wrote:
| No they're not. That feature exists on
| chrome://settings/content/all, which the article states
| they're keeping (as it's preferred over the separate menu
| being removed).
| qutreM wrote:
| Chrome in 10 years will be like a TV... all you will be able to
| do is switch between a few hundred channels
| SquareWheel wrote:
| Browser dev tools are more powerful now than ever before, and
| they're only a single key press away.
| qutreM wrote:
| Dev tools are next... same argument... not many people use
| them.
| SquareWheel wrote:
| You can't have consumers without producers. Dev tools are
| an integral tool to building websites and webapps today.
| They're still receiving considerable investment from
| browser vendors. I see new features in almost every
| release.
| aravindet wrote:
| Browser tools could certainly be un-bundled from the
| browser itself and distributed behind a "Google
| Developer" account, with your access cut off if you do
| something that threatens any of Google's numerous
| businesses.
|
| I believe this is how iOS development works.
|
| Admittedly we are very far away from this scenario, but
| let us not delude ourselves into thinking (a) that it's
| impossible, or (b) that it's not in Google's interest to
| do this once they are confident enough in their market
| power.
| dtjb wrote:
| To what end? What benefit does google get by preventing
| developers from developing for their product?
| zo1 wrote:
| They won't prevent developers from developing their
| product. The change will be an "improvement". It'll be "a
| new developer focused tool for testing and developing
| your web sites" or some other marketing speak. Or it'll
| be an app you install from the chrome store.
| feanaro wrote:
| lol. Because it's such an unimaginable hassle having to keep
| this code lying around in the codebase.
| tyingq wrote:
| Maybe it's changed, but walking a customer through clearing
| some specific cookies was a common help desk thing. To deal
| with shitty websites...PayPal had this problem for a long time
| where you would get an obscure error until you manually cleared
| a cookie.
|
| This will be harder, especially where you need to clear cookies
| on different domains like a login page, saml page, account
| page, etc.
| renewiltord wrote:
| You had to clear one cookie on Paypal and leave the rest?
| Jesus Christ, what a nightmare! Do you happen to recall what
| situation that was? Just curious to read in a Daily WTF
| sense, not challenging you to prove it.
| tyingq wrote:
| You could clear "all cookies for all sites", but that tends
| to piss customers off, as pre-filled fields for many
| websites are no longer pre-filled.
|
| If I remember right, clearing it for one site didn't help
| because clearing "login.paypal.com" cookies didn't clear
| "some-other-thing.paypal.com" or "www.paypal.com". They
| seem to use www.paypal.com for everything now.
|
| Google for: "paypal Your browser sent a request that this
| server could not understand" for one example
|
| Or "paypal your last action could not be completed" for
| another.
| renewiltord wrote:
| I googled for those and it's funny but sadly not as
| entertaining as I'd hoped. All the responses involve
| clearing all cookies for paypal.com at al.
|
| > _If I remember right, clearing it for one site didn 't
| help because clearing "login.paypal.com" cookies didn't
| clear "some-other-thing.paypal.com" or "www.paypal.com".
| They seem to use www.paypal.com for everything now._
|
| Right, but that's not a problem that this particular
| change is going to do anything about. Previously, you had
| to find all the different paypal domains and whack their
| cookies and now you have to do the same. The
| functionality you can't do in the Preferences window now
| (but you can in DevTools) is find a single cookie in a
| single site and whack that one. _That 's_ the one that
| would be Daily WTFy.
| tyingq wrote:
| Ah, got it. I read the screenshots as the "search" was
| also going away. I do have that 'single cookie' thing
| with another service where I have to delete one called
| TICKET_something, but I'll fumble through it I suppose,
| or use an extension.
| renewiltord wrote:
| I've mostly used this functionality to get my cookie out
| for Phantombuster.
| crazygringo wrote:
| Exactly this. All the functionality is already built into
| Chrome right here:
|
| https://developer.chrome.com/docs/devtools/storage/cookies/
|
| Contrary to the headline, Chrome _isn 't removing the ability
| to do anything_ -- they're just removing it from the
| _preferences_ interface, where I 'm not sure it really ever
| made sense to include in the first place.
|
| Truly, editing/deleting individual cookies isn't something any
| regular user ever needs to do -- just clearing per-site, which
| continues to exist in preferences.
| feanaro wrote:
| > where I'm not sure it really ever made sense to include in
| the first place.
|
| So move it somewhere where it makes more sense.
|
| > Truly, editing/deleting individual cookies isn't something
| any regular user ever needs to do
|
| No true Scotsman? If the user needs to do this, they're
| automatically not a regular user, or what?
|
| Anyway, hard disagree.
| zamadatix wrote:
| > So move it somewhere where it makes more sense.
|
| >> All the functionality is already built into Chrome right
| here:
| https://developer.chrome.com/docs/devtools/storage/cookies/
|
| It can't both be redundant and be solved by moving one of
| the interfaces somewhere else. Either you meant to say it's
| not redundant and is needed but didn't list any reasons why
| you think this or your idea of simply moving the redundant
| interface elsewhere doesn't change the point made as it'd
| still be rudundant and not needed, just elsewhere.
|
| > No true Scotsman? If the user needs to do this, they're
| automatically not a regular user, or what?
|
| The "No true Scotsman" fallacy comes after redefining the
| group once a valid counterexample from the original group
| is defined. It's not a fallacy in itself just to claim a
| group has an attribute, the claim is still falsifiable and
| testable by bringing forth the counter case to why a non-
| developer needs or wants to use a separate settings UI for
| it. "non-devoloper" wording chosen instead of "regular
| user" particularly because the ability is still in the
| developer UI and maybe that'll make the claim about
| "regular users" a little more defined.
|
| If this were disabling the ability for users to clear
| cookies for a single site I'd hard disagree but I'm
| wracking my brain to find a realistic case a non-developer
| user needs/wants to view and clear individual cookies
| instead of site based cookies or all cached objects for
| that specific page. It's seemingly by definition only
| useful when identifying and fixing bugs from reviewing the
| source/dev console logs and "clear the cookies for the
| specific site" is already seemingly rare enough for a user
| to be told to do by generic troubleshooting. If being told
| to do it by a developer or support agent the console is
| still there and again I think it's fair to say we are
| veering far from typical things that user cares to have in
| a settings UI vs where it is in the dev console.
| canada_dry wrote:
| > deleting individual cookies isn't something any regular
| user ever needs to do
|
| I disagree. A problem just recently with a gov site req'd you
| delete their cookies to resolve it (as an interim solution
| until they get around some year to fix the issue).
| [deleted]
| renewiltord wrote:
| Right, so clear all the cookies for the gov site.
| Previously you could do that and now you can do that.
| Nothing has changed for this use case.
| yccs27 wrote:
| Settings vs dev tools does make a huge difference imo.
|
| The settings pane gives you a cleaner ui for quick
| changes (debatable, but I certainly feel this way). Dev
| tools can break your browser if you do things wrong. They
| are made for development and deep changes, not routine
| stuff.
|
| That is _not_ "nothing has changed".
| zacmps wrote:
| Dev tools absolutely cannot break your browser if you 'do
| things wrong'.
| missblit wrote:
| Hmm, I've never had devtools break my browser despite
| using it fairly extensively. I think I confused myself
| once by forgetting about a local override I had turned
| on, or accidentally cleared more cookies than I intended
| to, but that's about it.
|
| I have had locally compiled builds break my profile data
| once or twice, but that's a seperate issue.
| KingMachiavelli wrote:
| You can still clear cookies for a single site by clearing
| all data for the site. Does not require devtools. If a
| site is bad enough to require clearing cookies, clearing
| the cache & stored data is probably not a bad idea.
|
| If your site needs users to clear cookies, then you
| should fix your site. Clearing cookies is not a routine
| thing.
| Matthias1 wrote:
| You can still clear all cookies for a given site from
| within preferences.
|
| They're removing the listing of individual cookies for
| each site. So you can still remove all cookies from, e.g.
| Hacker News, but will no longer be able to see the
| individual names of the cookies, e.g.
| `ph_6CDb7STpzm64A_...`.
| livindub wrote:
| You can still delete per site cookies in the preferences
| no?
| renewiltord wrote:
| It is still in 'Settings', guys. It's in
| chrome://settings/content/all instead of
| chrome://settings/siteData . Read the third and fourth
| sentences of the linked article. You will literally be
| able to browse to it in Settings.
|
| I do have to commend you on the bold tone while being so
| misleading, though. Haha, good stuff. I propose a Law of
| Increasing Internet Indignation: indignation is a
| monotonically decreasing function of knowledge.
| michaelmrose wrote:
| Regarding renewiltord's law.
|
| Physician heal thyself.
|
| > If you click the disclosure triangle for one of the
| entries, you see... well, basically nothing about the
| site data. And there are no delete buttons for individual
| cookies. The only button is "Clear data", an all or
| nothing option.
|
| Site guidelines suggest that you ought to assume good
| faith on the part of your conversational partners and
| responsd courteously to the good faith interpretation of
| their words.
|
| I suggest you have simply misunderstood what people are
| complaining about.
| renewiltord wrote:
| I picked my words kind of carefully. "Clear all the
| cookies for the gov site". It'll solve the problem. Then
| the other guy misunderstood and thought it was a DevTools
| not Settings issue. Literally the problem _does not
| require_ "clear one cookie" functionality.
|
| That's not good faith interpretation. That's wholesale
| misinterpretation which is either incompetence or malice.
| If you want to play the whole "good faith" game, you
| _actually_ need good faith.
|
| You're all privacy groupies. You don't know anything
| about actual privacy. You're just an outrage squad. You
| know it. I know it. But you're performing for some absent
| audience that supposedly can't tell.
|
| Fine, this site is yours. Keep it. I'll go play with the
| shellfish.
| lobocinza wrote:
| Don't know if the same government but I can't access the
| site to pay the taxes which I have to pay monthly without
| clearing cookies.
| Akronymus wrote:
| Or also twitter, where it is unusable without logging
| in/blocking cookies (Which you can do from the preferences)
| Clewza313 wrote:
| The change is for clearing _individual_ cookies. You can
| still clear cookies _per site_.
| JeremyNT wrote:
| It's a self fulfilling prophecy. Make a useful feature
| difficult to discover, then remove it when few people discover
| it. The (not insignificant) current barrier for normal users to
| selectively remove cookies will be made even higher if you ask
| them to use dev tools.
|
| One could imagine a browser vendor who made this workflow easy
| because they thought it was in the users' best interest.
| Obviously, that browser vendor is not Google.
| arthur2e5 wrote:
| I recall being quite pissed when Chrome decided to remove the
| pick-character-encoding feature essential for digging through
| archives of older CJK sites. Odd things keep rolling out of
| the Chrome team with telemetry as their justification. Ah
| well, how am I supposed to argue against "data"?
| p_j_w wrote:
| >Make a useful feature difficult to discover, then remove it
| when few people discover it.
|
| How many people do you really think would ever need this
| feature in day to day use, even if it were extremely easy to
| find? The number is probably vanishingly small.
| ipaddr wrote:
| Millions. Big world out there
| topspin wrote:
| Seems like this capability would be better served with an
| extension. Most (as in nearly all) users will never play with
| individual cookies and the people that need to can turn to
| quality extensions with more capability than the browser is
| ever likely to build in.
| yalogin wrote:
| Yeah no. This is used by a lot of the population, may be not
| enough to register in their measurements but it's a good
| number. Not just that, this is a functionality that existed for
| so many years in every browser, why remove it? At this point
| the code comes almost free. The only explanation is they want
| to prepare their users to a time when cookies are gone.
| [deleted]
| hamburgerwah wrote:
| Just how much of a middle finger can they give to users before
| people wake up and move to Firefox? There was a time Firefox had
| some performance problems but that time has passed, it works
| every bit as well as Chrome does now, if not better.
| franklyt wrote:
| Firefox is not as performant as Chrome is. This is something a
| web developer will have come across, if not an average user.
| butz wrote:
| While Chrome performance is obviously better for browsing,
| somehow opening DevTools makes it work much slower. As for
| casual user, installing ad-blocker makes web browsing way
| faster.
| SquareWheel wrote:
| If you leave Disable Cache checked under the network tab,
| the web will be substantially slower with dev tools open.
| This is (likely) the default setting, because it's
| important for testing.
| sub7 wrote:
| firefox has been the only half decent option for a long time
|
| google is shit spyware
| PhantomBKB wrote:
| Cookie quick manager is a pretty good extension for managing
| cookies in Firefox. It gives you fine-grained control on all
| cookies for each domain.
|
| https://github.com/ysard/cookie-quick-manager/
| [deleted]
___________________________________________________________________
(page generated 2021-09-04 23:01 UTC)