Web Browser Cookies + OS X El Capitan: Safari Cookie Security?

Web browser cookies become a concern when used to track behavior in hard to understand ways; for example when ad servers and similar constructs link together disparate web sites so as to build a profile of a web user. It’s not just commercial; it’s about power and votes: a competent political party will surely employ online profiles to target voters.

In MPG’s view, there are two objections to cookies: non-transparency (“what do they do”) and non-benefit (the use of cookies that are not for the benefit of the user). Both concerns have merit, and both are enlarged by FUD (Fear, Uncertainty, Doubt). Unfortunately, rather than focusing on these core issues, the discussion devolves into “cookies are bad”. Well, water is bad, because people can drown in it. Throwing out the baby with the bathwater in this way is an abdication of reason.

Web browser cookies are relatively benign compared to the really nasty and invisible tracking going on which is not in the web browser at all; see Anti-privacy unkillable super-cookies spreading around the world – study. That kind of tracking really makes people angry, and it ought to, because it is invisible and uncontrollable. Such perspective is in order relative to web browser cookies, which can be of benefit, being neither good nor bad inherently (like water). The greatest potential risks stem from governments, identity thieves and similar. Not so much from commercial entities, which generally just want to sell you stuff and to keep selling you stuff. The Really Bad Stuff is not likely to result from web site cookies.

Every web site worth visiting needs cookies for one reason or another. These are often of value, not a liability. This site uses a cookie to remember retina display status so as to automatically serve up retina-grade images and/or to remember other display preferences; without that cookie the server will serve up a low-res page for retina users—a degraded experience. Login status may require a cookie on some sites (e.g., sister site diglloyd.com). Deleting all cookies is no fun at all: web sites forget logins, settings, etc. Cookies offer useful benefits. The headache comes from the abuse of cookies by ad servers and similar, whose goal is to build more and more detailed user profiles.

We now begin to see the appearance of “this site uses cookies” confirmation dialogs as an idiotic nuisance on some web sites (this appears to be driven by the nitwit bureaucrats in the EU). This offers ZERO benefit to users, and degrades the web experience. Such is the direction in which things seem to be headed, and it only muddies the issues. Which won’t make things better.

Safari Privacy preferences for cookies

Below is how Lloyd sets Apple Safari Privacy preferences, and the results show why people dislike cookies: visiting spectrum.ieee.org results in 12 cookies that seem to show that Safari just doesn’t work properly: why are cookies from bizographics.com, cloudflare.com, mobify.com, optimizely.com, parsley.com, serving-sys.com, etc. now there just from visiting spectrum.ieee.org? There is surely an explanation, but it eludes Lloyd.

This is the sort of inexplicable behavior that raises fears (reasonably so). Why Safari acquires all these cookies when set to “Allow from current website only” defies understanding: maybe it means “allow cookies from any website referenced by current website”. Which shows at the least poor wording (and judgment) at Apple, or a bug in Safari. Either way, Apple is increasing FUD by poor design, but that should not be a surprise when design no longer matters. The lack of clarity makes people resent all cookies. Apple thus makes the problem worse.

Update: using Firefox with a setting to reject 3rd-party cookies results in none of those foreign cookies that Safari allows on through with spectrum.ieee.org. More Apple Core Rot.
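The check described above can be made repeatable. The following is an added example, not code from MPG or Apple: it classifies the cookie domains found after a single page visit as first-party or third-party. It assumes that “current website” means the same registrable domain, uses a small constructed suffix set in place of the full Public Suffix List, and the sample cookie list (including the `bs.` subdomain) is constructed from the domains named in the text.

```python
# Added example: audit which cookies are third-party relative to the visited site.
# ASSUMPTION: MULTI_LABEL_SUFFIXES is a tiny constructed stand-in for the
# Public Suffix List; a real audit should use the full list.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host):
    """Return the registrable domain (eTLD+1) of a host or cookie Domain value."""
    labels = host.strip().lower().strip(".").split(".")
    if len(labels) <= 2:
        return ".".join(labels)
    if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def audit_cookies(visited_host, cookie_domains):
    """Split cookie domains into first-party and third-party for one page visit."""
    site = registrable_domain(visited_host)
    report = {"first_party": [], "third_party": []}
    for domain in cookie_domains:
        key = "first_party" if registrable_domain(domain) == site else "third_party"
        report[key].append(domain)
    return report


def violates_current_site_only(visited_host, cookie_domains):
    """True if any stored cookie belongs to a site other than the one visited."""
    return bool(audit_cookies(visited_host, cookie_domains)["third_party"])


# Constructed sample: the visited site plus the cookie domains named in the text,
# with leading dots and subdomains as they typically appear in a cookie store.
SAMPLE_VISITED = "spectrum.ieee.org"
SAMPLE_COOKIES = [
    ".ieee.org", "spectrum.ieee.org", ".bizographics.com", ".cloudflare.com",
    ".mobify.com", ".optimizely.com", ".parsley.com", "bs.serving-sys.com",
]

if __name__ == "__main__":
    result = audit_cookies(SAMPLE_VISITED, SAMPLE_COOKIES)
    print("first-party:", result["first_party"])
    print("third-party:", result["third_party"])
    print("policy violated:", violates_current_site_only(SAMPLE_VISITED, SAMPLE_COOKIES))
```

Run against a fresh browser profile after visiting one site, a non-empty third-party list is the condition a regression test for a “current website only” setting would fail on.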

Bruce B writes:

I followed your advice regarding a test of El Capitan.

I loaded the new OS on an external disk and ran some tests. Generally El Capitan worked well for my purposes but I discovered a change in Safari behavior that affects privacy. When visiting various websites El Capitan accepts cookies from many websites I don't visit (i.e. Facebook) even when I select the option to only accept cookies from websites I visit.

It even happens when I select the option to only accept cookies from the current website. I found a few posts on the web with similar comments. When running 10.8.5 I don't observe this behavior. More core rot or am I missing something?

Thank you for the suggestion regarding the El Capitan test. It worked great.

MPG has not confirmed this behavior (or refuted it), but it raises a general issue: just how well does Apple protect user security, and if it’s true, how do bugs slip through? Test suites should be there that preclude any such bugs from reappearing; test suites are well-known best practice for at least 20 years now. With the past three OS X releases, MPG wonders if Apple testing really means “ship it and see what people complain about”.

Security in particular requires especially rigorous testing because one hole can open up others. In this regard security is a far different beast than a one-off bug.

Michael writes:

Since I updated to El Crap I also see this problem.

I deleted all cookies and kept only about 40 from pages I read daily.
After opening just my FB page or a simple news website I end up with about 150-200 cookies. First I suspected my iPad syncing with iCloud cookies. I turned the iPad syncing off, same scenario.

Safari is now a daily nuisance as I delete all cookies I don't want... not sure where all the mess comes from! Core rot...

Note that Jony Ive has his team working on Thunderbolt displays and even super-old 30" Cinema Displays... in the same video Ive shows the color swatches and how important details are for Apple.

No NEC, EIZO anywhere, and also note that the users all face a glass wall with solid wall in the back, no reflection from Thunderbolt/iMac screens :)
He also notes that Apple could become complacent and miss the train... well, I think they are by now...

MPG: Thunderbolt displays from Apple and the 30" Apple Cinema Display have truly awful gamut. Many colors are thus “invisible” to anyone using such screens.

Copyright © 2020 diglloyd Inc, all rights reserved.