2241
Firefox rolls out Total Cookie Protection by default to all desktop users worldwide | It is Firefox’s strongest privacy protection to date, confining cookies to the site where they were created (blog.mozilla.org)
submitted 3 weeks ago by ForgottenFlux@lemmy.world to c/technology@lemmy.world
226 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] intensely_human@lemm.ee 7 points 3 weeks ago

Is that because the like button is an iframe?

[-] Dave@lemmy.nz 42 points 3 weeks ago

It doesn't have to be. Your browser sends the cookies for a domain with every request to that domain. So you have a website example.com, that embeds a Facebook like button from Facebook.com.

When your browser downloads the page, it requests the different pieces of the page. It requests the main page from example.com, your browser sends any example.com cookies with the request.

Your browser needs the javascript, it sends the cookie in the request to get the JavaScript file. It needs the like button, it sends a request off to Facebook.com and sends the Facebook.com cookies with it.

Note that the request to example.com doesn't send the cookies for Facebook.com, and the request to Facebook.com doesn't send the cookie for example.com to Facebook. However, it does tell Facebook.com that the request for the like button came from example.com.

Facebook puts an identifier in the cookie, and any request to Facebook sends that cookie and the site it was loaded on.

So you log in to Facebook, it puts an identifier in your cookies. Now whenever you go to other sites with a Facebook like button (or the Facebook analytics stuff), Facebook links that with your profile.

Not logged in? Facebook sets an identifier to track you anyway, and links it up when you make an account or log in.

[-] Nightsoul@lemmy.world 10 points 3 weeks ago

Thank you for the explanation!

[-] intensely_human@lemm.ee 2 points 2 weeks ago

How is Facebook able to know what site is requesting it? Is it in the referer header, or is it parameters in the javascript/image url?

[-] Dave@lemmy.nz 2 points 2 weeks ago

There is a referer header sent, but depending on the exact code added to the page, it's very likely they are loading a snippet of JavaScript that lets them collect other information and trigger their own sending of information to their server.

For example, Google Analytics has javascript added to the page, but loading fonts from Google's CDN (which many sites do) will rely on the referer.

this post was submitted on 28 Aug 2024
2241 points (99.3% liked)

Technology

58115 readers
4141 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world