Forum Discussion

josh_bodner's avatar
josh_bodner
Former Employee
Feb 02, 2021

Dev channel update to 90.0.782.0 is live

Hello Insiders!  Today we’re releasing build 90.0.782.0 to the Dev channel.  As you can see, this is the first build of major version 90 to land in Dev, and with it comes some exciting new features. ...
eddiezato's avatar
eddiezato
Iron Contributor
Feb 03, 2021

HotCakeX there is an option for clear all cookies with exceptions:

 

 

Personally I block all third-party cookies. But with 'allow list' I can bypass global blocking and allow these cookies for specific domains. 'Allow list' has worked this way in Chromium for many years.

HotCakeX's avatar
HotCakeX
MVP
Feb 03, 2021

eddiezato 

eddiezato wrote:

HotCakeX there is an option for clear all cookies with exceptions:

 

 

Personally I block all third-party cookies. But with 'allow list' I can bypass global blocking and allow these cookies for specific domains. 'Allow list' has worked this way in Chromium for many years.

 

there are 2 things to note here,

 

Edge and Chrome already have an "Allow list" or "exception list" for 3rd party cookie blocking.

it happens when you check this box:

 

 

if you Don't check that box, it shouldn't happen. they are clearly mentioning that to the user, if you check the box, third-party cookies on this site will be allowed.

 

there is no need to apply it to the whole "Allow" list.

 

also, there is an option to clear cookies on exist with exception, in here

edge://settings/clearBrowsingDataOnClose

but it doesn't sync the websites we add.

 

so based on what I explained in my previous comment, it's impossible to have that kind of security in Edge.

 

there is literally no way, if there is then please tell me how to:

  1. limit Google.com's cookies only to Google.com
  2. have a list of frequently visited sites (which also includes Google.com) and let them save their cookies on Edge.
  3. delete all cookies that don't belong to the frequently visited sites list (aka allow list) in here:
    edge://settings/content/cookies
    whenever the browser is closed.

 

I'm open to all suggestions and I hope I'm wrong

 

  • josh_bodner's avatar
    josh_bodner
    Former Employee
    Feb 09, 2021

    Edge and Chrome already have an "Allow list" or "exception list" for 3rd party cookie blocking.

    it happens when you check this box:

     

    HotCakeX As I look at that checkbox, the lack of space between it and the buttons makes me think it's still experimental.  I actually don't have it at all in my Canary, and I have a bunch of flags turned on!  I'm glad you got this figured out, but now I'm curious about that box given how ambiguous it is.  

    • HotCakeX's avatar
      HotCakeX
      MVP
      Feb 10, 2021

      josh_bodner 

      josh_bodner wrote:

      Edge and Chrome already have an "Allow list" or "exception list" for 3rd party cookie blocking.

      it happens when you check this box:

       

      HotCakeX As I look at that checkbox, the lack of space between it and the buttons makes me think it's still experimental.  I actually don't have it at all in my Canary, and I have a bunch of flags turned on!  I'm glad you got this figured out, but now I'm curious about that box given how ambiguous it is.  

      Yes you are right, that box got removed few canary versions ago.

      I had to use sync + stable channel's check box to get 3rd party cookie blocking on canary.

       

       

  • eddiezato's avatar
    eddiezato
    Iron Contributor
    Feb 04, 2021

    HotCakeX 

    HotCakeX wrote:

    if you check the box, third-party cookies on this site will be allowed.

    No. If you check this box, you will allow all third-party cookies from the entered URL, not just cookies for the domain itself.

     

    HotCakeX wrote:

    there is literally no way, if there is then please tell me how to:

    1. limit Google.com's cookies only to Google.com
    2. have a list of frequently visited sites (which also includes Google.com) and let them save their cookies on Edge.
    3. delete all cookies that don't belong to the frequently visited sites list (aka allow list) in here:
      edge://settings/content/cookies
      whenever the browser is closed.

    Just block third-party cookies and don't allow any specific. Then enable 'clear cookies' here edge://settings/clearBrowsingDataOnClose with exception for 'google.com' and another domains you want. Can't say anything about syncing this option because I don't use sync.

     

    I think the idea of sending your personal data to some company to sync already violates privacy.

    • HotCakeX's avatar
      HotCakeX
      MVP
      Feb 04, 2021

      eddiezato 

       

      "No. If you check this box, you will allow all third-party cookies from the entered URL, not just cookies for the domain itself."

       

      I meant and said the same thing, lol. I've seen how it works and I understand it

       

      "Just block third-party cookies and don't allow any specific. Then enable 'clear cookies' here edge://settings/clearBrowsingDataOnClose with exception for 'google.com' and another domains you want."

       

      I've already tried that, there is a problem with this method.

      the checkbox for allowing 3rd party cookies in edge://settings/clearBrowsingDataOnClose

      does not work the same way as the checkbox in edge://settings/content/cookies

       

      the former allows 3rd party cookies of that domain to be saved in the browser and accessed. the latter only lets the 3rd party cookies of that domain to be saved/kept, not accessed.

       

      hope it's clearer now to understand the problem.

       

      "I think the idea of sending your personal data to some company to sync already violates privacy."

       

      if you really believe in that then you shouldn't be using Internet at all. the moment you are connected, some company has your data and knows what you are doing, starting with your ISP.

      if not ISP, then the secure DNS server you might be using. if not, then the VPN server provider that you might be using. there is no escape.

       

      Sync is very harmless in comparison, and the advantages it provides outweigh any possible disadvantages.

       

      • eddiezato's avatar
        eddiezato
        Iron Contributor
        Feb 04, 2021

        HotCakeX 

        HotCakeX wrote:

        I meant and said the same thing, lol. I've seen how it works and I understand it

        Ok. You have example.com

        This website contains cookies from the domain itself and bunch of third-party such as google analytics, etc. If you allow example.com cookies without a checkbox, you only allow cookies from that domain, even if they are presented as third-party. But these will only be the example.com cookies. If you check this box, you allow domain cookies and all these trackers located on example.com with different domains.

        This is how I understand this checkbox.

         

        Let's look at a different angle.
        There is an option to enable all cookies and an option to block third-party.

         

        If you don't allow the use of cookies, you can use the “allow list” to allow certain cookies.

        If you allow all cookies and don't block third-party, then "allow list" doesn't make any sense, you already allow everything.

        If you allow all cookies and block third-party, then "allow list" may give you the ability to allow certain third-party cookies, since you only block third-party cookies.

         

        About "clear cookies". In the first place you can clear a few but save many, in the second you can clear all but save a few. I think that's the difference.

         

        Sorry if my English is bad. I tried my best. :smile: