How PREF cookie (google.com) appears in firefox? - firefox

Remove all the history in Firefox (delete all cookies), disable all add-ons and plugins, then restart Firefox. Do not go to any site and wait for about 10-15 min. Go to Options->...->Show cookies. You will see cookie named PREF with google.com domain.
1) Can somebody explain how and why this cookie appears?
2) How to get rid of this?
p.s I don't have any google desktop application installed. Firefox google search bar is removed too.

This cookie is coming from Google's safebrowsing api:
google.com/safebrowsing/downloads?client=....
This is a known issue in firefox and there is an open ticket here:
https://bugzilla.mozilla.org/show_bug.cgi?id=368255
EDIT To get rid of it, you can turn off the safebrowsing on the security tab (under Options), by un-checking the boxes to Block attacks and forgeries.

Why does it appear?
As part of Safe Browsing, Web browsers ping Google periodically for
updated lists of potentially dangerous sites. When they do, Google
puts a cookie on the user’s machine. Google says the cookie helps it
keep its system stable and monitor for attacks.
Source: The Google Cookie That Seems to Come Out of Nowhere
Why does it keep reappearing even after I delete it?
Because you need to disable Safe Browsing
AND because Firefox Cookie Manager can't delete it, even if it appears to (bug #1026538).
Why is it dangerous?
As this cookie contains a unique ID number, it has been used by the NSA to track people under suspicion. Source: NSA uses Google cookies to pinpoint targets for hacking, Washington Post
Also, it means Google can track you better since this unique ID is persistent even after you close Firefox.
Security often means less privacy. You can avoid sending all your browsing history to Google: Use an up-to-date browser and modules, disable uneeded browser modules, don't install apps/modules from untrusted sources and avoid phishing attempts by checking the website domain and HTTPS certificate.
How to really get rid of it?
Disable Safe Browsing:
1.1 Uncheck "Block reported attack sites" under Firefox Preferences > Security tab
1.2. Uncheck "Block reported web forgeries" under Firefox Preferences > Security tab
THEN manually delete the existing cookie with sqlite3 (as long as bug #1026538 is open)
2.1. Find your Firefox cookie database within your Firefox profile folder:
Firefox menu > Help button > Troubleshooting Information > Application Basics section > Profile folder line > Open Directory button > File name is cookies.sqlite
or (Ubuntu) find ~/.mozilla/firefox -name cookies.sqlite
2.2 Install sqlite3: Download or (Linux) sudo apt-get install sqlite3
2.3 From command prompt: sqlite3path-to-cookies.sqlite
2.4 DELETE FROM moz_cookies WHERE baseDomain = "google.com";
Now you can check that the PREF cookie doesn't reappear at Firefox launch in Firefox Cookie Manager. It should not reappear as long as you don't re-enable Safe Browsing and if you have configured Firefox to delete cookies after exit.
Recommeded tools to limit tracking (except PREF cookie...): Cookie AutoDelete

It's used by the NSA and GCHQ to spy on people!
http://rt.com/usa/nsa-advertisers-cookies-track-browsers-034/

Google has updated their policies page to explain what types of cookies they use, specifically the PREF cookie.
But beforehand I will say that I can't explain where and how this cookie pops up in the browser. It seems to be done by firefox itself even if you don't use Google search, Google safebrowsing and block cookies for °.google.com
Google's policies page states that:
Preferences
...
The PREF cookie may store your preferences and other information, in particular your preferred language (e.g. English), how many search results you wish to have shown per page (e.g. 10 or 20), and whether or not you wish to have Google’s SafeSearch filter turned on.
Advertising
... Google uses cookies, like the PREF cookie, to help personalize ads on Google properties, like Google Search, particularly when you aren’t signed in to a Google account. ...
Maybe it's part of the undisclosed contract between Mozilla and Google to set this unblockable zombie cookie. Who knows? :-)

Click Show Cookies - Don't just delete the Google cookie but click 'Remove All Cookies' Remove the check mark from the 'Accept cookies from sites' box

It was possible to disable the google pref cookie in previous firefox-versions but since version 28 it is NOT possible to disable the google pref cookie! Mozilla integrated this cookie because google wants it - and google is paying millions of dollars for mozilla to keep this spying cookie in the firefox-browser enabled. Iam using now the comodo icedragon-browser, its based on firefox 26, you can install addons and themes from mozilla too, and most important you can disable the google-pref cookie: Go to options - privacy - enable custom settings - uncheck accepting cookies and remove the stored cookies if you have any (also add the links in which you login to the exception list). This cookie will never appear again. I hope Comodo dont update this browser to the newer ff-base.

I effectively deleted the google.com pref cookie. Do this:
about:config
safe
delete all values that reference google.com
It works and I've experienced no degradation in performance.

This, er, feature has undergone several rebrandings -- from "safe browsing" to "phishing protection" and now (FF 49) to "block dangerous and deceptive content". No doubt it will soon become "Protect tiny kittens".

Another way in Firefox is to click Exceptions under Options/Privacy/"use custom settings for history"; type in "google.com" and click Block. That way google.com will not be stored on your computer from then on. (If you have a gmail address, you can't access it unless you store google's cookie).

Related

How do I add a specific domain/site as an Exception in Firefox Tracking? It's greyed out

In Firefox, enter Options > Privacy & Security > under "Enhanced Tracking Protection" click "Manage Exceptions"
There seems to be no way to add a domain or site to the list of excepted sites (currently the list appears to be empty).
I want to exclude a specific domain from having Tracking blocked (Google reCaptcha is not working and I think this is why). I don't want to just blindly allow all tracking, I want to only allow per site for better security.
I think I found it. In the Firefox address bar click on the Shield icon left of the URL, then click the Toggle for "Enhanced Tracking Protection is ON for this site":
If the site immediately you are trying to unblock redirects to a different site when it detects cookies are blocked, it's very difficult to create an exception. (since you can't stay on that site) In this case, just turn off cookie blocking altogether temporarily so you can visit the first site. Then you can create the exception and turn cookie blocking back on.

Is it still possible to check login sessions in an invisible iframe?

For OpenID Connect, a common technique is to use a hidden iframe to login with prompt=none, to restore the user's session without having to redirect to the provider. Once tracking cookies are disabled by the upcoming Firefox release, will this technique still be possible? How do I convince Firefox to send cookies when loading an iframe from another site?
Firefox displays a shield icon in the address bar when it is blocking content, like cookies. Some sites are smart enough to ask you to allow certain 🍪 if their login fails, and it is relatively easy to do so by clicking on that icon.

Verification by Card always shows Session Expired on Azure

Whenever i try to register for Azure Free Trial, i feed all information and as soon as i land on Verification by Card page, it loads and then instantly shows me Session expired. I tried using different ID, different network and also different city to perform the action. Azure support does not work and googling doesnt help much either.
Is anyone else experiencing same or i am only one with such a problem.
I have also attached the screenshot of the issue.
Azure Session Expired.png
I would assume only two thing could cause this.
1. The Browser.
Can you do a clean fresh install of your preferred browser? Maybe there is a cookie issue. Microsoft has a notorious browser past. Are you using IE? If not true installing IE.
2. The Site's Code
Nothing can be done there. Just call Microsoft Support.
I hope this helps.
Best,
Tim
I doubt there's a global access issue with Azure, but you can double-check the status here.
It looks like a trouble with your current device configuration.
Check that your clock is correct. Your browser may remove cookies or
reject certificates because of wrong clock.
Check your browser-specific settings for limitations and security measures like disabled Javascript or enchanced security. It's also worth checking the addons and extensions for the same reason.
If you're on Windows, check Internet Settings or try to add the site to Trusted Sites list. A few months ago I had to add Microsoft sites to the Trusted Sites list on Windows Server box to solve a similar issue.
The simplest solution would be to try another device.
I had the same problem. Trying different approaches to solve the issue ultimately had the same outcome...I couldn't create an Azure subscription when logging in using my O365 credentials.
Working with Microsoft Support the approach that successfully worked for me was to open an InPrivate Browser session. Navigate to https://account.azure.com/, which causes a credential challenge, which you should use the O365 credentials. Ultimately a successful outcome.
BTW> I could only engage MS Support by submitting a Support request. MSFT were responsive in that I was contacted within 60min, with a suggested resolution.

Prevent Firefox from restoring session cookies after restart

Firefox has a feature to restore session cookies after restart (either after crash or if user has set "restore session" option) and that's causing a lot of problems (for example: Firefox session cookies).
However some sites, most notably Gmail, somehow don't have this problem. After it restores session Firefox won't sign you back in Gmail, you'll have to enter user/pass again. (although, I am not quite sure if Gmail uses session cookies at all)
Is there a way for server application "prevent" browser from restoring session cookies? Or is there some way to know that you are in restored session?
Ok, to answer my own question...
According to Can firefox restore a secure session after an add-on installation? and the page it links to http://kb.mozillazine.org/Browser.sessionstore.privacy_level there's a Firefox setting 'browser.sessionstore.privacy_level' which determines what FF session restores saves (can be 0, 1 or 2 - see second link).
Until FF4 it was default to store/restore only non-secure sessions (that's why GMail currently asks you to sign in again - they are using SSL/HTTPS), but in FF4 default setting will be to store ALL sessions - so even secure sessions will be restored by FF.

How do I write Firefox add-on that automatically enters proxy passwords?

Suppose someone worked for a company that put up an HTTP proxy preventing internet access without password authentication (NTLM, I think). Also suppose that this password rotated on a daily basis, which added very little security, but mostly served to annoy the employees. How would one get started writing a Firefox add-on that automatically entered these rotating passwords?
To clarify: This add-on would not just submit the password; the add-on would programmatically generate it with some knowledge of the password rotation scheme.
This is built into Firefox. Open up about:config, search for 'ntlm'
The setting you're looking for is called network.automatic-ntlm-auth.trusted-uris and accepts a comma-space delimited list of your proxy server uris.
This will make FireFox automatically send hashed copies of your windows password to the proxy, which is disabled by default for obvious reasons. IE can do this automatically because it can use security zones to figure out whether a proxy server is trusted or not.
Blog post discussing this
It's your lucky day - no need for an add-on!
How to configure Firefox for automatic NTLM authentication
In Firefox, type about:config into the address bar and hit enter. You should see a huge list of configuration properties.
Find the setting named network.negotiate-auth.delegation-uris (the easiest way to do this is to type that into the filter box at top).
Double-click this line, and enter the names of all servers for which network authentication is desired, separated by commas. Then press ‘OK’ to confirm.
Find the setting network.negotiate-auth.trusted-uris, and set it to the same value used in #3.
Find the setting network.ntlm.send-lm-response, and set it to true.
Skip steps 7 and 8 if you aren't using a proxy.
Open the options dialog (Tools->Options menu), and on the Advanced page, Network tab, press the Connection Settings button to get the proxy configuration dialog:
Make sure the correct proxy server is configured, and that the same list of servers is listed in the No Proxy for: entryfield as were set in step #3.
Done.

Resources