Is it still possible to check login sessions in an invisible iframe? - firefox

For OpenID Connect, a common technique is to use a hidden iframe to log in with prompt=none, to restore the user's session without having to redirect to the provider. Once tracking cookies are disabled by the upcoming Firefox release, will this technique still be possible? How do I convince Firefox to send cookies when loading an iframe from another site?

Firefox displays a shield icon in the address bar when it is blocking content, like cookies. Some sites are smart enough to ask you to allow certain 🍪 if their login fails, and it is relatively easy to do so by clicking on that icon.
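
How a client can handle the prompt=none iframe flow when the browser withholds the provider's cookies, shown as an added example that is not part of the original question or answer. The hosts idp.example and app.example, the function names, and the convention that the callback page posts its own URL to the parent via `window.parent.postMessage(location.href, appOrigin)` are assumptions.

```javascript
// Added example. idp.example, app.example and the message shape are assumptions.

// URL the hidden iframe loads: a normal authorization request plus prompt=none.
function buildSilentAuthUrl({ authorizeEndpoint, clientId, redirectUri, state, nonce }) {
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: 'openid',
    prompt: 'none', // provider must not show UI; it answers with an error instead
    state,
    nonce,
  }).toString();
  return url.toString();
}

// OIDC error codes meaning "the provider saw no usable session". When the
// browser blocks the provider's cookies inside the iframe, a signed-in user
// gets these too, so they trigger a fallback rather than a hard failure.
const NEEDS_INTERACTION = new Set([
  'login_required', 'interaction_required',
  'consent_required', 'account_selection_required',
]);

// Classify a message event received by the parent page.
// event: { origin, data } where data is the callback page's full URL.
function classifySilentAuthResult(event, { appOrigin, redirectUri, expectedState }) {
  // Only our own callback page may report a result.
  if (event.origin !== appOrigin) return { outcome: 'ignored', reason: 'origin' };
  let cb;
  try { cb = new URL(String(event.data)); } catch { return { outcome: 'ignored', reason: 'not-a-url' }; }
  if (cb.origin + cb.pathname !== redirectUri) return { outcome: 'ignored', reason: 'redirect_uri' };
  const params = cb.searchParams;
  // state binds the response to the request this page started.
  if (params.get('state') !== expectedState) return { outcome: 'rejected', reason: 'state' };
  const error = params.get('error');
  if (error) {
    return NEEDS_INTERACTION.has(error)
      ? { outcome: 'redirect', reason: error } // fall back to a top-level login
      : { outcome: 'failed', reason: error };
  }
  const code = params.get('code');
  return code ? { outcome: 'session', code } : { outcome: 'failed', reason: 'no-code' };
}
```

On `redirect`, navigate the top-level window to the same authorization request without prompt=none; treat an iframe that never posts a message within a few seconds the same way.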

Related

How do I add a specific domain/site as an Exception in Firefox Tracking? It's greyed out

In Firefox, enter Options > Privacy & Security > under "Enhanced Tracking Protection" click "Manage Exceptions"
There seems to be no way to add a domain or site to the list of excepted sites (currently the list appears to be empty).
I want to exclude a specific domain from having Tracking blocked (Google reCaptcha is not working and I think this is why). I don't want to just blindly allow all tracking, I want to only allow per site for better security.
I think I found it. In the Firefox address bar click on the Shield icon left of the URL, then click the Toggle for "Enhanced Tracking Protection is ON for this site":
If the site you are trying to unblock immediately redirects to a different site when it detects cookies are blocked, it's very difficult to create an exception (since you can't stay on that site). In this case, just turn off cookie blocking altogether temporarily so you can visit the first site. Then you can create the exception and turn cookie blocking back on.

There is no way to delete all cookies (Any domain) from a WebBrowser control in WP7. Is it true?

In my app I use WebBrowser control. User can visit http://mail.google.com then without logging out from google.com he visits http://twitter.com then http://abcd.com etc.
Now my requirement is to do the fresh start of the WebBrowser control and revisit those website and force the user to login again on those sites.
I tried so many options but I failed. I'm not able to find out exactly how I can delete all cookies from my WebBrowser control and do a fresh start.
Has anybody done the same successfully? Can you please share your code?

How to create an FB app without a secure canvas URL

I have a simple app I want to create, which allows you to place any website within your Facebook page on a tab.
Previously, I could just do this without a secure canvas URL, but now it is telling me that I must have this to create the app.
Is there a way around this, as the app does not take any info from anybody, it just shows a site from my server on the page.
Short answer: No. You do not need to provide an encrypted connection if the app runs in sandbox mode but otherwise it is mandatory.
Well, actually people using secure browsing will just see an error message at the moment but judging from recent announcements apps without an encrypted connection will be blocked a bit further down the road.

How PREF cookie (google.com) appears in firefox?

Remove all the history in Firefox (delete all cookies), disable all add-ons and plugins, then restart Firefox. Do not go to any site and wait for about 10-15 min. Go to Options->...->Show cookies. You will see cookie named PREF with google.com domain.
1) Can somebody explain how and why this cookie appears?
2) How to get rid of this?
p.s I don't have any google desktop application installed. Firefox google search bar is removed too.
This cookie is coming from Google's safebrowsing api:
google.com/safebrowsing/downloads?client=....
This is a known issue in firefox and there is an open ticket here:
https://bugzilla.mozilla.org/show_bug.cgi?id=368255
EDIT: To get rid of it, you can turn off the safebrowsing on the security tab (under Options), by un-checking the boxes to Block attacks and forgeries.
Why does it appear?
"As part of Safe Browsing, Web browsers ping Google periodically for updated lists of potentially dangerous sites. When they do, Google puts a cookie on the user’s machine. Google says the cookie helps it keep its system stable and monitor for attacks."
Source: The Google Cookie That Seems to Come Out of Nowhere
Why does it keep reappearing even after I delete it?
Because you need to disable Safe Browsing
AND because Firefox Cookie Manager can't delete it, even if it appears to (bug #1026538).
Why is it dangerous?
As this cookie contains a unique ID number, it has been used by the NSA to track people under suspicion. Source: NSA uses Google cookies to pinpoint targets for hacking, Washington Post
Also, it means Google can track you better since this unique ID is persistent even after you close Firefox.
Security often means less privacy. You can avoid sending all your browsing history to Google: Use an up-to-date browser and modules, disable unneeded browser modules, don't install apps/modules from untrusted sources and avoid phishing attempts by checking the website domain and HTTPS certificate.
How to really get rid of it?
Disable Safe Browsing:
1.1. Uncheck "Block reported attack sites" under Firefox Preferences > Security tab
1.2. Uncheck "Block reported web forgeries" under Firefox Preferences > Security tab
THEN manually delete the existing cookie with sqlite3 (as long as bug #1026538 is open)
2.1. Find your Firefox cookie database within your Firefox profile folder:
Firefox menu > Help button > Troubleshooting Information > Application Basics section > Profile folder line > Open Directory button > File name is cookies.sqlite
or (Ubuntu) find ~/.mozilla/firefox -name cookies.sqlite
2.2. Install sqlite3: Download or (Linux) sudo apt-get install sqlite3
2.3. From command prompt: sqlite3 path-to-cookies.sqlite
2.4. DELETE FROM moz_cookies WHERE baseDomain = 'google.com';
Now you can check that the PREF cookie doesn't reappear at Firefox launch in Firefox Cookie Manager. It should not reappear as long as you don't re-enable Safe Browsing and if you have configured Firefox to delete cookies after exit.
Recommended tools to limit tracking (except PREF cookie...): Cookie AutoDelete
It's used by the NSA and GCHQ to spy on people!
http://rt.com/usa/nsa-advertisers-cookies-track-browsers-034/
Google has updated their policies page to explain what types of cookies they use, specifically the PREF cookie.
But beforehand I will say that I can't explain where and how this cookie pops up in the browser. It seems to be done by Firefox itself even if you don't use Google search, Google safebrowsing and block cookies for *.google.com.
Google's policies page states that:
Preferences
...
The PREF cookie may store your preferences and other information, in particular your preferred language (e.g. English), how many search results you wish to have shown per page (e.g. 10 or 20), and whether or not you wish to have Google’s SafeSearch filter turned on.
Advertising
... Google uses cookies, like the PREF cookie, to help personalize ads on Google properties, like Google Search, particularly when you aren’t signed in to a Google account. ...
Maybe it's part of the undisclosed contract between Mozilla and Google to set this unblockable zombie cookie. Who knows? :-)
Click Show Cookies. Don't just delete the Google cookie but click 'Remove All Cookies'. Remove the check mark from the 'Accept cookies from sites' box.
It was possible to disable the Google PREF cookie in previous Firefox versions, but since version 28 it is NOT possible to disable the Google PREF cookie! Mozilla integrated this cookie because Google wants it - and Google is paying millions of dollars for Mozilla to keep this spying cookie enabled in the Firefox browser. I am now using the Comodo IceDragon browser; it's based on Firefox 26, you can install add-ons and themes from Mozilla too, and most important, you can disable the Google PREF cookie: Go to options - privacy - enable custom settings - uncheck accepting cookies and remove the stored cookies if you have any (also add the links in which you log in to the exception list). This cookie will never appear again. I hope Comodo doesn't update this browser to the newer FF base.
I effectively deleted the google.com pref cookie. Do this:
about:config
safe
delete all values that reference google.com
It works and I've experienced no degradation in performance.
This, er, feature has undergone several rebrandings -- from "safe browsing" to "phishing protection" and now (FF 49) to "block dangerous and deceptive content". No doubt it will soon become "Protect tiny kittens".
Another way in Firefox is to click Exceptions under Options/Privacy/"use custom settings for history"; type in "google.com" and click Block. That way google.com will not be stored on your computer from then on. (If you have a gmail address, you can't access it unless you store google's cookie).

How can I get Webkit and IE browsers to prompt to save passwords for login through AJAX request?

I have an HTML page with a login form and a registration form inside of an overlay. When the user submits either of these forms, an AJAX request is made back to the server.
If the registration or login is successful, then the user is logged in and certain parts of the page are updated. If there is an issue with the login/registration credentials, then the user is asked to correct the error.
How do I get the browser to prompt the user to save or remember the username/password used for this scenario?
I was able to get Firefox to prompt the user and remember the password by following the answer here:
How can I get browser to prompt to save password?
But this solution did not work in webkit browsers or IE. Also, I tried adding the autocomplete attribute to the forms with value "on", but this also did not solve the problem.
Thanks in advance :)
I'm not sure if you are going to be able to find a solution to this that works across all browsers in a timely manner, and if you do, it may be very brittle and could break after any browser update.
A more reliable and robust way of doing this could be to do it with your own code by building this functionality into your UI. This would probably even save you some time in the long run. You could have a "remember me" checkbox or a "remember me" popup that comes up after a successful login.
If the user opts to be remembered, just write an encrypted cookie with their username which, if detected, will allow them to bypass login. Assuming SSL, I don't see this route as being much less secure than trying to force the browser to do it, as the information will be stored unencrypted on most users' computers either way.
