Web Browser Cookies + OS X El Capitan: Safari Cookie Security?
Web browser cookies become a concern when used to track behavior in hard-to-understand ways; for example, when ad servers and similar constructs link together disparate web sites so as to build a profile of a web user. It’s not just commercial; it’s about power and votes: a competent political party will surely employ online profiles to target voters.
Web browser cookies are relatively benign compared to the really nasty and invisible tracking going on which is not in the web browser at all; see Anti-privacy unkillable super-cookies spreading around the world – study. That kind of tracking really makes people angry, and it ought to, because it is invisible and uncontrollable. Such perspective is in order relative to web browser cookies, which can be of benefit, being neither good nor bad inherently (like water). The greatest potential risks stem from governments, identity thieves and similar. Not so much from commercial entities, which generally just want to sell you stuff and to keep selling you stuff. The Really Bad Stuff is not likely to result from web site cookies.
Safari Privacy preferences for cookies
Below is how Lloyd sets Apple Safari Privacy preferences, and the results show why people dislike cookies: visiting spectrum.ieee.org results in 12 cookies that seem to show that Safari just doesn’t work properly: why are cookies from bizographics.com, cloudflare.com, mobify.com, optimizely.com, parsley.com, serving-sys.com, etc. now there just from visiting spectrum.ieee.org? There is surely an explanation, but it eludes Lloyd.
This is the sort of inexplicable behavior that raises fears (reasonably so). Why Safari acquires all these cookies when set to “when design no longer matters. The lack of clarity makes people resent all cookies. Apple thus makes the problem worse.” defies understanding: maybe it means “allow cookies from any website referenced by current website”, which shows at the least poor wording (and judgment) at Apple, or a bug in Safari. Either way, Apple is increasing FUD by poor design, but that should not be a surprise.
Update: using Firefox with a setting to reject 3rd-party cookies results in none of those foreign cookies that Safari allows on through with spectrum.ieee.org. More Apple Core Rot.
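The manual check described above (visit one site, then see which cookie domains are foreign to it) can be scripted. This is an added example, not code from the original page; it assumes the browser's cookies have been exported to the Netscape cookies.txt text format, uses a constructed sample jar, and approximates the registrable domain as the last two host labels.

```python
from collections import Counter

# Constructed sample in Netscape cookies.txt format (tab-separated:
# domain, subdomain flag, path, secure, expiry, name, value).
SAMPLE_JAR = """\
# Netscape HTTP Cookie File
spectrum.ieee.org\tFALSE\t/\tFALSE\t1500000000\tsession\tv0
.ieee.org\tTRUE\t/\tFALSE\t1500000000\tprefs\tv1
.bizographics.com\tTRUE\t/\tFALSE\t1500000000\tc1\tv2
.optimizely.com\tTRUE\t/\tFALSE\t1500000000\tc2\tv3
.serving-sys.com\tTRUE\t/\tFALSE\t1500000000\tc3\tv4
#HttpOnly_.cloudflare.com\tTRUE\t/\tTRUE\t1500000000\tc4\tv5
"""

def registrable(host):
    """Approximate the registrable domain as the last two labels.
    Assumption: adequate for the .org/.com hosts here; a real audit
    should use the Public Suffix List (co.uk would break this)."""
    labels = host.lstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def parse_jar(text):
    """Yield (domain, cookie name) for each cookie line in the jar."""
    for line in text.splitlines():
        if line.startswith("#HttpOnly_"):
            # HttpOnly cookies are stored behind this prefix; keep them.
            line = line[len("#HttpOnly_"):]
        elif not line.strip() or line.startswith("#"):
            continue  # blank line or ordinary comment
        fields = line.split("\t")
        if len(fields) == 7:
            yield fields[0], fields[5]

def third_party_cookies(jar_text, visited_host):
    """Count cookies per domain that is foreign to the visited site."""
    site = registrable(visited_host)
    foreign = Counter()
    for domain, _name in parse_jar(jar_text):
        reg = registrable(domain)
        if reg != site:
            foreign[reg] += 1
    return dict(sorted(foreign.items()))

if __name__ == "__main__":
    found = third_party_cookies(SAMPLE_JAR, "spectrum.ieee.org")
    for domain, count in found.items():
        print(f"{count:3d}  {domain}")
```

Starting from an empty cookie store and visiting a single site before exporting keeps the result attributable to that one visit.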
Bruce B writes:
I followed your advice regarding a test of El Capitan.
I loaded the new OS on an external disk and ran some tests. Generally El Capitan worked well for my purposes but I discovered a change in Safari behavior that affects privacy. When visiting various websites El Capitan accepts cookies from many websites I don't visit (i.e. Facebook) even when I select the option to only accept cookies from websites I visit.
It even happens when I select the option to only accept cookies from the current website. I found a few posts on the web with similar comments. When running 10.8.5 I don't observe this behavior. More core rot or am I missing something?
Thank you for the suggestion regarding the El Capitan test. It worked great.
MPG has not confirmed this behavior (or refuted it), but it raises a general issue: just how well does Apple protect user security, and if it’s true, how do bugs slip through? Test suites should be there that preclude any such bugs from reappearing; test suites have been well-known best practice for at least 20 years now. With the past three OS X releases, MPG wonders if Apple testing really means “ship it and see what people complain about”.
Security in particular requires especially rigorous testing because one hole can open up others. In this regard security is a far different beast than a one-off bug.
Since I updated to El Crap I also see this problem.
I deleted all cookies and kept only about 40 from pages I read daily.
After opening just my FB page or a simple news website I end up with about 150-200 cookies. First I suspected my iPad syncing with iCloud cookies. I turned the iPad syncing off, same scenario.
Safari is now a daily nuisance as I delete all cookies I don't want... not sure where all the mess comes from! Core rot...
Note that Jony Ive has his team working on Thunderbolt displays and even super-old 30" Cinema Displays... in the same video Ive shows the color swatches and how important details are for Apple.
No NEC, EIZO anywhere, and also note that the users all face a glass wall with solid wall in the back, no reflection from Thunderbolt/iMac screens :)
He also notes that Apple could become complacent and miss the train... well, I think they are by now...
MPG: Thunderbolt displays from Apple and the 30" Apple Cinema Display have truly awful gamut. Many colors are thus “invisible” to anyone using such screens.