Hacker News new | comments | show | ask | jobs | submit login

Are you sure that setting "Accept cookies" to "off" will prevent third-party sites from reading cookies as well?

Based on the small amount of testing I did on couple versions of Firefox, disallowing third party cookies means only websites you are directly visiting can read or write any cookies.

So if you go to facebook.com and it sets some cookies and later you go to somerandomblog.com that has some images from facebook.com, Firefox will not send cookies to facebook.com, since you are not visiting it directly.

Now obviously if somerandomblog.com has javascript from facebook.com on it, then that javascript can read cookies from somerandomblog.com and do pretty much anything it wants with that page.

Good question and I'm not sure. I would guess that if it doesn't accept them then it wouldn't read them either. The first step in the cookie transaction would be to check whether that cookie already exists (an attempt to read the cookie). It would seem easiest to stop that process at that point based on user preferences rather that just programming it to check at the actual write time.

This is all speculation though.

But once you sign in to Facebook, you have the cookie, so browser will send it if there's no read blocking.

Cookies can still be read if this is set to "off."

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact