Why is forum using cookies?

e-OS stands for privacy, but why is the forum site using cookies ? Cookies are against privacy. So why can’t I login without cookies enabled ?

Because when you login somewhere, a authentication cookie is created, with a unique session key the server send to you in it.

That’s how you are auto-login into a website when you have checked the “stay connected” box, even after a reboot of your computer and even if you haven’t visited the website for a week.
The unique key is sent to the website that say “OK this key belongs to Harvey, no need to login again it must be him”.

It’s also how it works without that “stay connected” box. Otherwise you would have to login again and again for each page you want to see on the forum.


It’s the same thing on a shop website when you put items in your “bag”. Even without an account, one week later those items will still be in the bag, until you delete cookies of course.

2 Likes

Yes I know that all, but I want add everytime my login bame and password. And I want decide for my own.
Cookie yes, when I enable ‘remember me’ and no cookie when I dissble it.
It couldn’t be that I can’t use a browser where cookies a disabled.

It’s not possible to be connected somewhere without that authentication cookie. The forum would ask for your password every 3 seconds, it would be unusable.

Cookie isn’t necessarily a bad thing.

3 Likes

And why are cookies not allowed on privacy browsers ?

Because it can be used to track users.
But it doesn’t mean they are all necessarily bad.

2 Likes

That’s why I don’t want enable cookies for NO site

That’s your choice. But you won’t be able to login anywhere.

For the record, you can also disable third party cookies instead of all.
And you can also in an about:config setting in Firefox for instance sandbox cookies to make them available only for the website they come from (privacy.firstparty.isolate = true).

4 Likes

If you really wanna go hardcore on this, you can delete your cookies every few seconds with the help of an addon (assuming you’re using a browser that supports it). But honestly this is nonsense, not all cookies are bad, and there are more effective ways to avoid being tracked online if that is your concern.

Before you ask:
Cookie AutoDelete (Haven’t used it in a while, might have changed).
Privacytools
EFF Surveillance Self-Defense

1 Like

I use HTTPS Everywhere https://www.eff.org/https-everywhere
NoScript security suite https://noscript.net/
and uBlock origin https://github.com/gorhill/uBlock/wiki/uBlock-vs.-ABP:-efficiency-compared
And in browser setting I block all third party cookies, and never remember history. In Firefox automatically delete all history ending the browser session. Extensions above are also available in Chromium, but there you have to delete your browsing history manually.
As an EU citizen I need “I don’t care about cookies” too because with these browser settings the annoying cookie warnings and privacy pages due too EU legislation appear over and over again at every visit on any European website. https://www.i-dont-care-about-cookies.eu/
The cookie on this forum is functional, not a tracker, it is only one script from e.foundation which I marked “trusted”.

1 Like

I surf primarily with Tor Browser, with default parameters.
In Preferences#privacy, I never see any data in Manage cookies & sites data.
I assume cookies are stored on the last computer linked to the website I visit. As that computer can be anywhere in any country, cookies cannot be linked to me.
At least that is my understanding.

Therefore, I accept cookies lightheartedly.
I can still log-in on most websites like this forum and no cookies seems stored on my computer.

I fallback to normal Firefox equipped with NoScript & Ublock. I use noscript to temporarily accept needed scripts.

To me, a cookie is problematic since at least one of these criteria is met:

  • It can be used on other websites (for instance with google analytics or facebook)
  • The data collected is shared with third party (for instance if data is sold to another company with the e-mail address)

So to me, an authentication cookie which is not visible by other websites and on a website which will not share data with third party is not a problem.

My personal (meaning not the best one) solution about cookies is refusing only third party cookies, then when I exit the website, delete all the cookies; excepted for websites I trust (such as this forum).

Another very effective way of avoiding trackers while allowing functionality like cookies is to use multiple browsers for different online activities, and within those, different profiles with different configuration (i.e.: settings, addons, themes, window size, etc). This way you don’t actually avoid tracking, it just gets compartmentalized as much as possible to minimize how useful/accurate it actually is.

If on top of that you use other tools like VPN, use different search engines, proxies and, of course, ad-blockers such as uBO then you are already on the good track (pun intended) to make yourself harder to follow online. You could even go further than that by using random email addresses (or aliases) and usernames for each and every last one of your online accounts (emails, forums, newsletters…).

Note that you’re not invisible and if someone with enough resources is willing to put enough effort on tracking you specifically they will still do so, but that’s true even with Tor, so unless you really, really need to hide for some reason (and remember that privacy is not equal to anonymity) then you want to step up your game to using things like Tails, QubesOS, etc.

1 Like