Sign in or Join FriendFeed
FriendFeed is the easiest way to share online. Learn more »
Paul Buchheit
Paul Buchheit
If you uncheck "Accept third-party cookies", Firefox will no longer send any cookies to iframes (even if set outside of an iframe), which breaks the FriendFeed Facebook app. Has Firefox always been like this?
Picture 5.png
July 22, 2008 - Comment - Share
These "privacy" features end up hurting privacy, because then web sites switch to signed urls and such, which are much worse (they leak out in referrer headers). - Paul Buchheit
Yup, this was exactly my problem. I accidentally unchecked it while messing around with cookies while programming...occupational hazard... - Emmett Shear
This breaks Feedly as well. I've always unchecked third-party cookies because I was under the impression that's where most click-trackers and ad-servers lived. Am I wrong? - Akiva Moskovitz
Yes, for exactly the same reasons. You are not wrong. - Sam Pullara
Isn't this the default policy in IE7, unless you enable p3p for the sites? - Michael Herf
I'm not pretty sure I agree with @paul - there are enough examples of manipulations by 3rd party cookies, from ads tuning and down to other nasty tricks. You may dislike it but it is there to protect us. And it is there for years. - A.T.
It's irritating enough that I have to allow cookies on sites I want to share through the bookmarklet. Luckily, I use CS Lite. - Akiva Moskovitz
Please see this bugzilla entry for a quick overview: https://bugzilla.mozilla.org/show_bu... - Reading the entire bug is a good idea. This is also a relevant bug if you're interested: https://bugzilla.mozilla.org/show_bu... - Christopher Blizzard
These sorts of gimmicks are to privacy what a paper mache motorcycle helmet is to safety. They interfere with legitimate functionality while giving a false sense of security. - Paul Buchheit
I just 'disable refererrs" with the webdev toolbar, or you can do w/ about:config. I know that skews web reports, but for the most part most non-ssl websites don'r require you to be coming from the websit to see the content. - clarke thomas
you should accept authentication using facebook params, and set a cookie if you can. you have the user info right there - no need for a cookie - Ivan Kirigin
For the record, I was part of the IE team when we implemented the IE third party cookie P3P support. It was a feature completely designed by a set of State Attorneys General. They specified everything down to the UI in the IE control panel. It was a disaster. - Joe Beda
Ivan, those facebook params leak through referrer headers, meaning that other people can steal your login. Joe, the P3P thing is kind of dumb, but at least I can set the right headers to make the problem go away. That's an amusing back-story though. - Paul Buchheit