back to article Apple: Relax, we're not totally screwing web apps. But yes, third-party cookies are toast

After three years of escalating restrictions on third-party cookies to protect user privacy, Apple on Tuesday went all-in with full third-party cookie blocking. That particular privacy-preserving step has only, to the best of our knowledge, been taken previously by the Tor browser; the Brave browser does so, too, albeit with a …

  1. Version 1.0 Silver badge

    I hate cookies

    I have Firefox set to "strict" tracking blocking, and delete all cookies and data when I close the browser.

    1. Alumoi

      Re: I hate cookies

      I'd like to introduce you to my friend, Cookie Auto Delete, which deletes all cookies when you close the tab.

    2. HildyJ Silver badge
      Thumb Up

      Re: I hate cookies

      Just to add, it can also be set up to delete local storage when you exit (or on demand). Plus uBlock Origin blocks most tracker sites.

      I also close Firefox periodically and at least once a day to clear it out. I will put up with the hassle of signing in again for the benefit of extra privacy.

      1. Jamie Jones Silver badge

        Re: I hate cookies

        I can't be the only one who's hacked up a small cronjob script that automatically converts all cookies (apart from those whitelisted) to session cookies, in all installed browsers?

  2. Charlie Clark Silver badge

    Progress

    "Deleting all local storage (including Indexed DB, etc.) after seven days effectively blocks any future decentralized apps using the browser (client side) as a trusted replication node in a peer-to-peer network,"

    Good

    wrote programmer Aral Balkan in a blog post. "And that’s a huge blow to the future of privacy."

    No it isn't: placing the browser at the core of a network is a fundamentally flawed approach: the network must be isolated from the application for precisely this reason.

    1. Graham Cobb

      Re: Progress

      I disagree. Take a simple example: if I store data in a web service (such as mail, dropbox, nextcloud, etc) I want to encrypt it so the service can't read it - with a key under my control and not stored in the web service.

      So, I need to keep the key somewhere safe: my phone may well be that place. I trust that to be in my possession a lot more than I trust a web service to promise that it isn't going to read my documents. For some levels of desired confidentiality and reliability (which are mostly traded off between each other in this sort of scenario), storage on my device, but visible to an app I run there may be exactly what I want. After all, Lastpass may be great, but it isn't designed for storage of 2048-bit encryption keys.

      If I specifically authorize a particular app to store data locally it should be able to store it as long as I want. What we need is to make sure is that is not available to apps by default, and that it is easy to review which apps are storing data, how much, and for how long.

      1. overunder Silver badge

        Re: Progress

        "I disagree. Take a simple example:..."

        O.K. but why does your "app" have to store the keys in the same place as a "web service"? Is that even a good idea?

      2. Charlie Clark Silver badge

        Re: Progress

        Local storage isn't for credentials because it's not considered secure this is why password managers don't use it.

  3. Anonymous Coward
    Anonymous Coward

    We always hear horror stories from "web developers"

    Anytime that Safari, Firefox or whoever improves privacy protection in the browser. Funny how the web is still functioning, listening to them squeal shouldn't it have fallen over and become useless by now?

  4. Pretty Ricky

    Good riddance to third-party cookies.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020