Does deleting cookies before shutting the browser have any advantages?
- Cookies can be used to identify you everytime you visit a site, to keep you logged in for example
- Cookies can have malicious pieces of code designed to steal data
- Hackers will try to steal session cookies to sign in, imposing they’re you
- On some web browsers, cookies are used for cross site tracking. If you have Facebook cookies, that shows Twitter you were on Facebook, when you visit Twitter.
Fingerprinting is a concern, I understand. But it is not capable to storing as much data as cookies can. There is a reason why stealing session cookies is more valuable than recreating your device’s fingerprint. Browsers like Tor and Brave prevent fingerprinting.
In my experience with a relatively hardened Firefox install, I find that it’s nice to dump any cookies I’m no using at the end of a session. While I am blocking almost all cookies, there are some that do stay on the browser for the whole session. If those aren’t removed then the tracking or preference can continue between sessions.
For example, I’ll use YouTube for music at work without signing in. At first the home page will start as basic as your would expect from a fresh install of a browser, but as I use YouTube over the course of the day, YouTube starts to recommend more relevant content based on what I’ve been searching. It’s tracking me in a sense by hanging on to my preferences. If I don’t clear my cookies, that would continue indefinitely, but because I do erase all cookies except for my exceptions when I close the browser, I get a fresh YouTube page every day. It’s a visible sign of how clean I’ve managed to make browsing there. I notice it on YouTube, but the same thing is happening with everything else I visit.
Isn’t this what cookies are intended to do?
Is this really possible? Modern browsers sandbox sites and OS itself have protection against this kind of threats.
How likely this is as
Step 1: Get ability to execute arbitrary code on target machine.
Most modern web browsers such as safari, Firefox block cross site cookies and isolate cookies. Is this a something to worry about?
Every time I refresh YouTube (in a private window) I get a different set of videos
They would technically only need to read a file, which is more likely to happen then remote code execution.
Cookies are similar to having you login and password as plain text on you PC, if an attack gets access your PC they might be able to access you e-mail, and from there start resetting the password on your online accounts.
Don’t know how like it is to happen for you, probably not that likely, but it happens a lot and it allows attackers to bypass 2FA.
From what I’ve been reading (this article is really entertaining to read), you need the “ability to execute code”.
According to article,
In theory, people can detect the theft of cookies. Google, for instance, knows that they gave the Gmail cookie above to Naruto. They can also know, that you, with a different browser, OS, and IP address, might not be Naruto.
Yes, but it is a post-hack and require the ability to execute arbitrary code on the target machine. If this happens, there are other things to worry about than a hacker stealing some cookies and hacker have so many other options to do than stealing cookies (unless the hacker is this guy /j).