To be fair, not all third-party cookies are blocked by GNOME Web right now.

A visit to some random blog with ads can inject weird domains (like ".adnxs.com") in the cookies list. It's easily reproducible. Internet says it is an iFrame hack/trick.

----------


Also: the "EasyPrivacy" list can be seen as a "shared blacklist" solution?

If yes, Bug 755188 can be a complement/replacement to this one.

(In reply to Diogo Campos from comment #1)
> A visit to some random blog with ads can inject weird domains (like
> ".adnxs.com") in the cookies list. It's easily reproducible. Internet says
> it is an iFrame hack/trick.

The cookies should be invisible except in a frame displaying the domain they were set from, but the workaround for that is the same hack. :/ There's not really much to be done about that, except to block all subframes from using cookies, which a major browser has to do first.

(In reply to Diogo Campos from comment #0)
> # Possible solutions
> 
> The specifications above suggest ways to protect user privacy. Are they:
> 
> - Blocking third-party storage
> - Expiring stored data
> - Treating persistent storage as cookies
> - Site-specific white-listing of access to local storage areas
> - Origin-tracking of stored data
> - Shared blacklists

We need to figure out how major browsers are handling this before we consider acting on it. We need at least one major browser to act first. Implementation would need to be in WebKit.

Sure.

I don't think that any major browser has cared about the privacy implications of these technologies until now (Safari? IE? Chrome? Pfff...). Best bet would be Firefox, that seems to be going with the Shared Blacklist solution, which is probably our best (tested, effective) option too.

So, I think that the right thing to do is to close this bug as a duplicate of (or obsoleted by) #755188. Do you agree?

It's really a different issue. Let's use WONTFIX. Please do reopen if Firefox does something interesting here!

Yes, I will keep an eye.
And sorry for the noise.