JavaScript code embedded in the PDFs
What could possibly go wrong?!!
Browsers' built-in tools that crumble web cookies that track you around the internet can be bypassed or rendered ineffective by malicious websites. In a paper presented at the USENIX Security Symposium this week, a trio of researchers from KU Leuven in Belgium describe how they developed a framework to analyze the enforcement …
Session cookies are necessary for a lot of purposes.
Otherwise you can't log into anything as the server can't identify you.
Cookies that last longer than a session are of very limited utility to an end user. I had my browser set to barf all cookies when closing for a long time, and it worked really well.
One forum I use moved from local adverts to ones supplied by a banned admonger (due to malware), so I lost the adverts on a site I was happy to see as they were VERY targetted.
They were targetted at people performing that hobby.
Another forum has a banner ad for GLASS
That was interesting.
Firefox: NoScript, ad domains JS blocked; do not accept unvisited third-party cookies; delete all cookie upon exit of browser; Google, Bing, Doubleclick et al completely cookie blocked.
Have always done so. For most people, why does it take a threat being discovered before taking reasonable precautions?
"For each one, there was at least one way to bypass promised protection."
Which is why it's a good idea to use more than one approach to blocking things. Firefox with everything disabled that can be, plus uBlock, Ghostery and Noscript is probably relatively safe. Any one of them might be able to be bypassed, but it's unlikely they can all be bypassed in the same way.
Imagine a world where Winston Churchill was just the prime-minister of Britain and not also America's undercover agent.
He gave away many British pioneered technologies, while at the same time stopping all further development so that America might better dominate the market.
If the UK could have kept a hold of the advances in computing, how different might the world look today?
Clearly being left in the hands of monopoly chasing capitalists has proven disastrous, like the unnecessarily inefficient x86 architecture that Intel wound into a knotted mess to frustrate competition.
I honestly think the UK would have been a much better place to nurture computing, well at least in defining standards in favour of security and the common good.
Instead we have a free for all grab that has the whole industry rocking from calamity to disaster, and all the while the users are trading their self away for a few extra bells and whistles.
Its very hard to apply these wide sweeping policies. "Third party" cookies are not all bad. My company builds software which our clients embed in their site. That makes it hard for us to place cookies on the users browser, even though we have every right to be there, we have permission to do so as the user has agreed to cookies on the site, which we are a integral part of. We have workarounds in place, but its worrying that totally legitimate cookies are being dropped due to ever moving policies.
" but its worrying that totally legitimate cookies are being dropped due to ever moving policies."
Legitimate? If I say I dont want cookies - thats it!
FO!
If I cant access your site because I wont accept a cookie I dont visit it.
There are very few sites I *MUST* visit....and mostly they have acceptable cookie policies
It's my PC and I am the consumer/customer. I decide (moslty) what is stored on my PC and whether (or not ) I *need* your content ...."Not" usually wins
That's like saying you're entitled to block the ads that show up on TV or the junk mail that arrives in your mailbox or skip the muzak when you're put on hold. As they, price of admission. You don't have to visit, and they don't have to serve, either. Makes you wonder what you'll do if the exclusive content you MUST have is stuck behind an obnoxious ad-wall. Suck up or walk on the Sun?
Debating point: does El Reg not implicitly preach what it manifestly fails to practice?
Anecdote: I recently ordered a "big-ticket" item of furniture, from a big-shed retailer on a big retail park. As part of that, I checked online, including a visit to the retailer's website from my 'phone.
That was using plain ol' Chrome. Given my very limited use of the web from the 'phone, and the fact I don't expose anything of value on it, I've never been arsed to fine-tune it against ads and such nonsense.
Sometime after, I visited El Reg from the phone. And found that every bloomin' ad on the Reg pages is now that same furniture retailer! If I visit the Reg front page, more than one ad. will appear as I scroll down, and it's always the same: the retailer whose page I visited! Click to another page, it's the same ad. OK, enough, this is just annoying: delete effing cookie!
That's because advertisers are idiots.
Eventually they'll realise that advertising a product that someone has already purchased is stupid.
Some are already starting to realise that following someone around the internet with the same advert is creepy and people will actively avoid buying it when they so that.
If you make it useless ...
Anyone here spoofed a journey into Google Maps ? If you think Google searches have become a bit shit of late, it's because they've put a shit load of AI into their tracking algorithms. They won't let you cross a continent in 1 second - you need to make it a proper journey.
But if you can do that, and send your virtual self to 37.4220° N, 122.0841° W ...