Can't freakin' comment on an awesome YouTube video! :(
- Inicie sesión ou rexístrese para enviar comentarios
Trying to comment as well as being first :D on this video: http://www.youtube.com/watch?v=i6LU_kUwySI
Commenting on Youtube requires 3rd-party cookies, which is a security flaw, because it leaks data about your web browsing to those 3rd-party web sites. The following is a message from an apparent Google tech-support guy:
"Yes, I agree that it should be fixed, but it's not going to be a quick or easy fix. I suspect that when the new system was developed, nobody stopped to consider whether third-party cookie filtering might pose a problem. It's not a bug -- that is, it's not a mistake in the code that's making it behave wrongly -- but a design flaw, and fixing design flaws means redesigning something. If YouTube and Google+ can't use cookies to communicate, that will have to scrapped and replaced by a server-side solution.
FWIW, I know that the folks at YouTube are now aware that this is an issue."
That post was made way back on 2013-12-16. The whole thread is here: https://productforums.google.com/forum/#!topicsearchin/youtube/unable$20to$20comment|sort:relevance|spell:true/youtube/AUNr4ikX9pU
I've tried to enable exceptions to the 3rd-party cookie block, but Abrowser doesn't seem to allow that. That's probably a good thing.
I have the same problem.
Wouldn't a better solution than blocking cookies - that causes some sites to complain and say its necessary, or as this issue, be to make the browser delete cookies whenever it is closed?
If a 3rd party can set and read cookies, they can track your visits to any website that allows them such access. Your privacy would be comprimised as soon as the cookie gets set, so deleting them later would not help.
That's how I've got my browser configured, but I'm also blocking third-party cookies. To be fair, though, you really ought to fully block most third-party requests, not just cookies; there are other methods of identifying you than tracking cookies (e.g. IP address and fingerprinting). I use RequestPolicy to do this. Ideally, you should use Tor (via the Tor Browser Bundle or Tails) whenever you don't identify yourself and aren't using torrents; then any tracking that might be tried on you is pointless, since you're anonymous.
Ah, what do you guys think? Should I use Tor? I do have Tor, but haven't realized it's more usefulness 'till now.
Like I said, always use it unless you're identifying yourself (which subverts the whole purpose of it) or using torrents (torrents can't be safely used through Tor). Unless you really know what you're doing, it's best to use the Tor Browser Bundle[1] or Tails,[2] since it's easy to make a mistake that costs you your privacy (thus subverting the entire purpose of using Tor) if you set Tor up yourself.
[1] https://www.torproject.org/projects/torbrowser.html.en
[2] https://tails.boum.org/
Ah ok, thanks!
Can't one configure a browser to allow third-party cookies from visited sites only?
The problem is that it is not always clear as to what is a site related direct cookie or a third party cookie. Cross site scripting is a huge problem for both security and privacy due to this.
Essentially if you count cookies from sites you have visited then it can quickly spider out into thousands of sites because technically your browser quested them even if the user did not.
This stuff is difficult to manage unfortunately.
I understand. I believe the use of add-ons like AdBlock Plus and Disconnect could mitigate this; and there's a new add-on surfacing, "Privacy Badger", by EFF, that could possibly help in this task: https://www.eff.org/privacybadger
- Inicie sesión ou rexístrese para enviar comentarios