Cookies set to "Never" but Safari now accepts all cookies anyway

I'm running 5.1.4.

You want to see something really weird.

I kept Safari prefrence panel open all day at the Privacy Tab.

Gone through and removed all website data, earlier. Set to Always.

Here's where it gets weird,

Click on Advanced, wait a minute, now click back to Privacy.

It just went from 2 sites to 86 in that click back to Privacy.

I bet no one tried that yet.

Then you made a bad bet. That does not live update. You'll only see a change if you click to another pane.

Thanks,

From posts prior, I was led to think it was live leaving app in view.

So further browsing on-line was thought to be 'always' blocked in that mode and working.

I've come to the conclusion, there is no control, just simply market feeders. lol

Ok, my issue is that I keep having cookies come in for sites that seem to be in my Topsites...even when haven't opened topsites. My initial thinking was that maybe this was some kind of default set. Then, I got to thinking: RSS feeds. Now, I don't have any RSS in my bookmarks bar nor do I have the preferences set to update automatically. Still, after checking, I noticed many of the cookies I was getting matched up to RSS feeds in Safari that are from imported bookmarks back in Safari 3 and 4.

So, after removing all RSS feeds, the cookies stopped coming in...

powerbook1701 wrote:

So, after removing all RSS feeds, the cookies stopped coming in...

That's Pretty Clever. Not sure how one would figure that out.

well, honestly, I kept trying to think "what would be setting cookies" if I'm not going to a site. I thought about Dashboard, Mail, which then lead me to topsites. Most of the topsites that are "default" (meaning the ones that automatically start loading after a reset) seemed to match up mostly to the cookies that I was seeing. Then, I noticed that one cookie was reherring.com. I don't even know what that is, but found an RSS feed by that name. Since I usually just import bookmarks after each Safari update that happens with an OS update, I had tons that just got imported for the ride. So, I deleted that redherring feed and that cookies stopped coming in. Odd thing is, I don't have the safari preferences set to update RSS, but maybe those old feeds were not minding that preference. I don't use RSS, so I just clicked on RSS in bookmarks and deleted all of them.

No more unwanted cookies coming in...

maybe the bug is that the cookie preferences setting neglects to control RSS

Regarding top sites, like I mentioned, I don't use that. All my favorite pages are in folders in my bookmarks bar, where I right-click to open all in tabs. In general preferences, you can set Safari to open new windows as empty pages, which is what I have.

Then, regarding other settings that can store cookies, one is of course the "Fraudulent site" setting, which I disable. What that does is send information about every website you visit to check against a database. Of course with FireFox I DO use that, because FireFox is the browser I use to access sites that need cookies. As I am not entering any information in Safari, there is no need for that. Another thing is your search choice. If google is used, google will store a cookie (even with cookies set to off), same for yahoo and bing. I installed glims, and changed to duckduck, and no more cookies from that. Indeed, no cookies from any site are stored now.

Regarding RSS feeds, I don't use those. Never understood the point of it. The websites I go to already look like RSS feeds, albeit with a few pictures.

I'm also using ghostery to block everything it can, which also might be responsible for some blocking. In the old days with Safari, I often wound up with a google or an apple cookie, despite having cookies disabled, but now I get neither. Before ghostery, and before glims, I was getting the google or apple cookie with 5.1.4, but that is no longer the case. I think we should just band together and pay a developer to make a fast, lean browser for general use with no cookie option, no local storage, no nothing. Safari is "good enough" for me now, but it would be nice to turn off local storage. Perhaps a simpler approach would be a user mode for the browser, such as setting 1) stores nothing, and setting 2) cookies, fraud protection, etc., for cookie sites. so the user could create customized profiles, and switch between them.

Anyway, I'm just glad Safari does basically what I want it to now. I'm personally of the opinion all Internet enabled products should start with the maximum level of security, and let the user erode their security and privacy by enabling options, rather than the user having to bend over backwards to try and create a reasonably secure solution. The idea of privacy as a fleeting moment in our history is a sad thought to me, what our founding fathers fought for is now being destroyed from every vector imaginable, be it with the zillions of clueless facebook users to the data mining lobbyists getting legislation passed. Rather than a top-down or bottom-up revolution, this is in the middle. Just recently it was declared our government could legally and without warrant track anyone using a cell phone, as their location data is collected by a third party and they, as an end user, have "no privacy interest" in that data! How many years, or months, will it before it's declared that anyone using any computing device has no privacy interest in anything entered on the device? We are swiftly moving to a cloud-based computing, cashless society, and the ability of corporations/governments to "flip the switch" on people's lives will reach levels of terror I don't think our founding fathers could have even conceived, but I digress.

I don't use RSS or Topsites, but RSS feeds have just been imported from older versions of Safari as OS updates have come and done. I don't use Topsites, but again, it seems they are just there. I turned the auto updated part of it off. But, it would seem that either old RSS feeds from previous safari versions don't respect cookies settings or the other way around in that cookies settings do not get applied to RSS feeds. Either way, removing all RSS feeds period stopped the unwanted cookies stream for me.

No, don't install glims. Glims is where they spam you with all the unwanted cookies.

When you use glims in web search, it actually goes out and visits all the suggested websites in the search box.

Glims pre-fetches the webpages in preview, and then displays the suggestion to you. That is equivalent to you clicking on all those suggested webpages even before you click on them, and it fills Safari with all those junk cookies.

It is similar to previewing all searched webpages while you are still searching. With each keystroke that you typed, it suggested all matched keyword webpages, which means you will be visiting 100s of webpages prefetched by the suggestions by glims, and end up with 100s of cookies in Safari.

I installed the basic glims, and turned off everything except "add search engine". The functions you're describing would presumably be if you enabled "add search suggestions" and "improve search results" neither of which I use. Nothing comes from doing a search other than cache from duckduck.

powerbook1701 wrote:

I don't use RSS or Topsites, but RSS feeds have just been imported from older versions of Safari as OS updates have come and done. I don't use Topsites, but again, it seems they are just there. I turned the auto updated part of it off. But, it would seem that either old RSS feeds from previous safari versions don't respect cookies settings or the other way around in that cookies settings do not get applied to RSS feeds. Either way, removing all RSS feeds period stopped the unwanted cookies stream for me.

It certaintly makes sense that RSS feeds would use cookies (so they know what you have and have not read), so I'm sure you helped some people with this cookie hunting discovery. I didn't mean to imply there was anything wrong with using RSS feeds, just that I didn't use them so couldn't comment on that. 🙂

If you want privacy in using search engine, use https://startpage.com or https://ixquick.com

You can use their proxy to surf without ever getting any cookies or being tracked by your IP location.

They never store your search terms or keywords either.

Your search is completely secure with https protocol.

They are the only search engine that passed the European Privacy Seal.

nicoladie wrote:

If you want privacy in using search engine, use https://startpage.com or https://ixquick.com

You can use their proxy to surf without ever getting any cookies or being tracked by your IP location.

They never store your search terms or keywords either.

Your search is completely secure with https protocol.

They are the only search engine that passed the European Privacy Seal.

Actually I use duckduck because of the results. Google has become uselss. As a side benefit, duckduck also provides encrypted https, doesn't store IP address, etc. Startpage/ixquick is just a search aggregator with a proxy. Duckduck, unlike ixquick, does not use cookies by default.

Regarding this "seal" they were the first site/service to get it period. I read a lot on security and have never heard of "europrise" before. It got its initial funding by the European commission, so you know it's just going to be crony nonsense. Ixquick was bought by a company in Holland, and Holland is one of the only 8 countries who participate in this. They just happened to be the first product awarded this new fancy "seal." If you look at the companies awarded this prestigious honor, they also just happen to be services provided in these 8 countries, with one exception, Microsoft! And Microsoft is the beacon of security. *cough*

But, again, I use duckduck becuase of the results.

I'm not talking about the cookies deposited by the search engine. I am talking about the cookies deposited by the websites you surf. When you use ixquick's proxy to surf any website, none of the cookies in those surfed websites will be deposited in your computer. The proxy traps them.

All those 100s of unwanted cookies are deposited by the websites you surfed or pre-fetched by the browser. The cookies of the search engine is only 1 out of 100s of unwanted ones.

Ixquick is a meta-search engine. It uses a voting system to aggregate the search results, which means the search results are statistically significant, with consensus among search engines.

This means it eliminates any bias and skewing of the search result by any search engine, or any tricks the website used to artificially jack up their search rank. It gives much more reliable search results because meta-search result is, by definition, is independent of the specific search algorithm because the search result is voted on by multiple search algorithms.