
Proposed privacy feature for web browsers

A bit of back-story

Cookies are small pieces of data that a web site can store in your browser. When a site creates a cookie it can limit how long the cookie lives (the Expires or Max-Age attribute) and which hosts and paths it will be sent back to (the Domain and Path attributes).

Whenever the browser requests anything from a site, whether a page, an image, a stylesheet or a script, every stored cookie whose scope matches that request is attached to it automatically. The user is not asked.

Modern browsers do restrict each cookie to the domain that set it, but that does not prevent website B from working with website A to track users' activity: A embeds content from B, B's own cookie is attached to that embedded request, and B can correlate what the same user does on A and on every other site that embeds B's content.
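To make the mechanism in the three paragraphs above concrete, here is an added example (it is not code from the original page): a minimal cookie jar that parses Set-Cookie headers and decides which stored cookies a browser attaches to a request, following the domain-match and path-match rules of RFC 6265. The host names shop.example, news.example and tracker.example, and the cookies themselves, are constructed for the illustration.

```javascript
// Added example, not code from the original page: a minimal RFC 6265 cookie
// jar. Host names (shop.example, tracker.example) and cookies are constructed.

// RFC 6265 5.1.4: the default path is the request path up to its last '/'.
function defaultPath(pathname) {
  const i = pathname.lastIndexOf('/');
  return pathname.startsWith('/') && i > 0 ? pathname.slice(0, i) : '/';
}

// RFC 6265 5.1.3: host domain-matches domain when equal, or when host ends
// in '.' + domain (and host is not an IP literal).
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  if (/^[\d.]+$/.test(host) || host.includes(':')) return false;
  return host.endsWith('.' + domain);
}

// RFC 6265 5.1.4: path-match ('/account' must not match '/accounts').
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Parse one Set-Cookie header from the response to requestUrl. Returns null
// when the cookie must be ignored: a Domain attribute the responding host
// does not match (so shop.example cannot plant cookies for tracker.example).
function parseSetCookie(header, requestUrl, now = Date.now()) {
  const url = new URL(requestUrl);
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq <= 0) return null;
  const cookie = {
    name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1).trim(),
    domain: url.hostname, hostOnly: true,  // host-only unless Domain is given
    path: defaultPath(url.pathname),
    secure: false,
    expires: null,                          // null = session cookie
  };
  let sawMaxAge = false;
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const k = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
    const v = i < 0 ? '' : attr.slice(i + 1).trim();
    if (k === 'domain' && v) {
      cookie.domain = v.replace(/^\./, '').toLowerCase();
      cookie.hostOnly = false;
    } else if (k === 'path' && v.startsWith('/')) {
      cookie.path = v;
    } else if (k === 'secure') {
      cookie.secure = true;
    } else if (k === 'max-age' && /^-?\d+$/.test(v)) {
      cookie.expires = now + Number(v) * 1000;   // Max-Age wins over Expires
      sawMaxAge = true;
    } else if (k === 'expires' && !sawMaxAge && !Number.isNaN(Date.parse(v))) {
      cookie.expires = Date.parse(v);
    }
  }
  if (!cookie.hostOnly && !domainMatch(url.hostname, cookie.domain)) return null;
  return cookie;
}

// Store a response cookie, replacing any with the same (name, domain, path).
function storeCookie(jar, header, requestUrl, now = Date.now()) {
  const c = parseSetCookie(header, requestUrl, now);
  if (c === null) return false;
  const i = jar.findIndex((o) => o.name === c.name && o.domain === c.domain && o.path === c.path);
  if (i >= 0) jar[i] = c; else jar.push(c);
  return true;
}

// The Cookie header the browser would send with a request for url. Note what
// is NOT consulted: the page that caused the request.
function cookieHeader(jar, url, now = Date.now()) {
  const u = new URL(url);
  return jar
    .filter((c) => (c.expires === null || c.expires > now) &&
      (!c.secure || u.protocol === 'https:') &&
      (c.hostOnly ? u.hostname === c.domain : domainMatch(u.hostname, c.domain)) &&
      pathMatch(u.pathname, c.path))
    .map((c) => `${c.name}=${c.value}`).join('; ');
}

// Scenario: shop.example and news.example both embed the tracker's pixel. The
// tracker's id rides along on both embedded requests because matching looks
// only at the request URL, never at the embedding page.
function demoThirdPartyTracking() {
  const jar = [];
  const now = Date.parse('2012-05-17T21:00:00Z');
  const pixel = 'https://tracker.example/pixel.gif';
  storeCookie(jar, 'uid=abc123; Domain=tracker.example; Path=/; Max-Age=31536000; Secure', pixel, now);
  const forgedRejected = !storeCookie(jar, 'uid=forged; Domain=tracker.example', 'https://shop.example/', now);
  return {
    forgedRejected,
    sentFromShop: cookieHeader(jar, pixel + '?page=shop', now),   // embedded by shop.example
    sentFromNews: cookieHeader(jar, pixel + '?page=news', now),   // embedded by news.example
    sentToShop: cookieHeader(jar, 'https://shop.example/cart', now),
    sentOverHttp: cookieHeader(jar, 'http://tracker.example/pixel.gif', now),
    afterExpiry: cookieHeader(jar, pixel, now + 31536001 * 1000),
  };
}
```

The point of the scenario is the last function: the embedding page never enters the matching logic, so the tracker sees the same `uid` from every site that embeds it, while shop.example itself never sees it and cannot forge it. The Secure and expiry checks are the scoping controls the first paragraph mentions; they limit where and for how long a cookie travels, not which first-party page it travels from.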

It would have been nice if this had been blocked as a security risk long ago, but it was not. As a result, many modern websites are designed around it and would not function if it were simply prevented.

Current Browser Privacy Features

All modern web browsers restrict access to a cookie to the site which created it. As described above, this does not prevent sites from colluding to track users.

Most web browsers let users delete cookies, or refuse to store them at all. This prevents cookies from being used for tracking, at the cost of functionality: many modern websites will not work properly without cookies.

There are also options for blocking cross-domain content, which does prevent this kind of tracking. Again it costs functionality, and a surprisingly large number of sites break when cross-domain elements are blocked.

Proposed Solution

Privacy could be improved by letting users stop a cookie from being sent, even after it has been stored.

By still allowing cookies to be created and used, and still allowing cross-domain content, but giving the user control over which stored cookies are sent with which requests, a broad range of functionality is kept while the user's privacy is preserved.

There are two distinct cases, which need different dialogs to be shown to the user.

Case 1: Same-Domain Access

This is the simplest type of cookie access. It happens when the URL loaded in the URL bar (the top-level page) and the request that would carry the cookie belong to the same domain, and a cookie for that domain has previously been stored.

When a previously-stored cookie would be sent along with a same-domain request, a dialog might be presented to the user saying something like:

The dialog might have the following options:

It would make sense to have a user preference that automatically chooses 'Allow for this session' (for same-domain access only) for any cookie created during this session. This reduces unnecessary prompts without creating a privacy issue: if the site just created the cookie, it already knows its contents.

Case 2: Cross-Domain Access

This is the most concerning type of cookie access, as it lets multiple sites share information about the user's browsing habits. It happens when one website includes references to another (images, stylesheets and, most importantly, JavaScript files). The browser can detect it by comparing the domain of the top-level document (what window.location shows for the page in the URL bar) with the domain of the request; if they do not match, it is a cross-domain access. The comparison must be against the top-level page rather than the nearest enclosing frame, otherwise a third-party frame that nests a further frame from its own domain would look like same-domain access.

When a previously-stored cookie would be sent along with a cross-domain request, a dialog might be presented to the user saying something like:

The dialog might allow any combination of the following options (possibly as drop-downs):

If a cross-domain access is denied, the response to that request must not be allowed to create any new cookies either; otherwise the denied site could simply set a fresh cookie and try again. An additional browser enhancement would let 'denied' sites create cookies that are tied to the specific (embedding site, cookie site) pair: such a cookie is only ever sent back within that same pair, so it cannot link the user across embedding sites, while the embedded site keeps enough state to work. This is essentially what current browsers call cookie partitioning, and it minimizes the degraded browsing experience.
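The two cases and the enhancement above, worked through as an added example (not code from the original page): a model of the proposed policy that classifies a request as same-domain or cross-domain against the top-level document, remembers the user's decision per site or per (embedding site, cookie site) pair, auto-allows same-domain cookies created this session, and, for denied pairs, either drops the site's new cookies or puts them in a jar partitioned by that pair. The domain names, the tiny suffix list standing in for the Public Suffix List, and the simplified cookie store (keyed by name only, with no paths or expiry) are constructed assumptions.

```javascript
// Added example, not code from the original page: a model of the proposed
// policy. SUFFIXES is a constructed stand-in for the Public Suffix List; the
// cookie store is keyed by name only to keep the model short.
const SUFFIXES = new Set(['com', 'co.uk', 'example']);

// Registrable domain ("site") of a host: longest public suffix plus one label,
// so www.shop.example and cdn.shop.example are both shop.example.
function siteOf(hostname) {
  const labels = hostname.toLowerCase().split('.');
  for (let i = 1; i < labels.length; i++) {
    if (SUFFIXES.has(labels.slice(i).join('.'))) return labels.slice(i - 1).join('.');
  }
  return labels.join('.');
}

// Case 1 or case 2? Compare against the TOP-LEVEL document, not the nearest
// frame's window.location, so a frame nested inside a third-party frame
// cannot promote itself to first party.
function classify(topLevelUrl, requestUrl) {
  const topSite = siteOf(new URL(topLevelUrl).hostname);
  const reqSite = siteOf(new URL(requestUrl).hostname);
  return { topSite, reqSite, kind: topSite === reqSite ? 'same-domain' : 'cross-domain' };
}

// Decisions ('allow' | 'deny', absent = not asked yet) are remembered per
// site for case 1 and per (embedding site -> cookie site) pair for case 2.
function decisionKey({ kind, topSite, reqSite }) {
  return kind === 'same-domain' ? reqSite : `${topSite}->${reqSite}`;
}

// Which jar a Set-Cookie from this response goes to: '' (the normal jar), a
// partition named after the pair, or null (dropped: a denied site must not
// be able to set a fresh cookie and try again).
function partitionFor(ctx, decisions, prefs) {
  if (ctx.kind === 'same-domain' || decisions.get(decisionKey(ctx)) !== 'deny') return '';
  return prefs.partitionDeniedCookies ? decisionKey(ctx) : null;
}

function storeResponseCookie(jar, ctx, decisions, prefs, name, value) {
  const partition = partitionFor(ctx, decisions, prefs);
  if (partition === null) return false;
  jar.set(`${partition}|${ctx.reqSite}|${name}`, { name, value, createdInSession: true });
  return true;
}

// What the policy does with one stored cookie for this request: 'send',
// 'withhold', or 'prompt' (show the case 1 / case 2 dialog).
function actionFor(ctx, partition, cookie, decisions, prefs) {
  const key = decisionKey(ctx);
  if (partition !== '') return partition === key ? 'send' : 'withhold';  // pair-scoped cookie
  if (ctx.kind === 'same-domain' && prefs.autoAllowSessionCreated && cookie.createdInSession) {
    return 'send';  // the site just created it and already knows the value
  }
  const d = decisions.get(key);
  return d === 'allow' ? 'send' : d === 'deny' ? 'withhold' : 'prompt';
}

// Cookies the browser would attach to the request, and those it must ask about.
function cookiesForRequest(jar, ctx, decisions, prefs) {
  const result = { sent: [], prompt: [] };
  for (const [key, c] of jar) {
    const [partition, site] = key.split('|');
    if (site !== ctx.reqSite) continue;
    const action = actionFor(ctx, partition, c, decisions, prefs);
    if (action === 'send') result.sent.push(`${c.name}=${c.value}`);
    else if (action === 'prompt') result.prompt.push(c.name);
  }
  return result;
}

// Scenario (constructed): the user has denied tracker.example when embedded
// by shop.example and by news.example, but has not yet been asked about blog.example.
function demoProposedPolicy() {
  const prefs = { autoAllowSessionCreated: true, partitionDeniedCookies: true };
  const decisions = new Map([
    ['shop.example->tracker.example', 'deny'],
    ['news.example->tracker.example', 'deny'],
  ]);
  const jar = new Map();
  const pixel = 'https://tracker.example/pixel.gif';
  // Case 1: a cookie shop.example created this session goes back without a prompt.
  const shop = classify('https://www.shop.example/', 'https://www.shop.example/cart');
  storeResponseCookie(jar, shop, decisions, prefs, 'cart', 'item42');
  // The tracker was once visited directly, so it holds an unpartitioned id.
  storeResponseCookie(jar, classify('https://tracker.example/', 'https://tracker.example/'), decisions, prefs, 'uid', 'global-id');
  // Case 2, denied pairs: each embedding context gets its own partition.
  const viaShop = classify('https://www.shop.example/', pixel);
  const viaNews = classify('https://news.example/', pixel);
  storeResponseCookie(jar, viaShop, decisions, prefs, 'uid', 'id-seen-on-shop');
  storeResponseCookie(jar, viaNews, decisions, prefs, 'uid', 'id-seen-on-news');
  const viaBlog = classify('https://blog.example/', pixel);  // undecided pair
  const strict = { ...prefs, partitionDeniedCookies: false };
  return {
    sameDomain: cookiesForRequest(jar, shop, decisions, prefs).sent.join('; '),
    seenByTrackerViaShop: cookiesForRequest(jar, viaShop, decisions, prefs).sent.join('; '),
    seenByTrackerViaNews: cookiesForRequest(jar, viaNews, decisions, prefs).sent.join('; '),
    promptedViaBlog: cookiesForRequest(jar, viaBlog, decisions, prefs).prompt.join(','),
    droppedWithoutPartitioning: !storeResponseCookie(new Map(), viaShop, decisions, strict, 'uid', 'x'),
  };
}
```

With partitioning on, the tracker still gets a working cookie inside each embedding site, but the value it sees via shop.example is different from the one it sees via news.example, and its global id is withheld in both, so the two visits cannot be linked. The undecided blog.example pair is the situation that would raise the case 2 dialog.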

CookieSecurity (last edited 2012-05-17 21:00:59 by calin)