[HN Gopher] Google Chrome to remove detailed cookie and site dat... ___________________________________________________________________ Google Chrome to remove detailed cookie and site data controls Author : giuliomagnifico Score : 427 points Date : 2021-09-03 18:29 UTC (4 hours ago) (HTM) web link (lapcatsoftware.com) (TXT) w3m dump (lapcatsoftware.com) | hpoe wrote: | This is part of a strategy to eliminate the openness of the web, | right now your client still has full view and control of the code | running on it in the browser to a certain degree. | | Companies do not want this, this makes it possible to reverse | engineer their process, to view what they are doing, and | basically takes away control. | | They want a future where your browser is instead a portal to the | web where various companies just deliver black boxes of bytes to | your machine and you don't have visibility into the code that is | running, the actions they are performing or what is going on. In | such a world they control the platform the content and the | delivery mechanism. | | Openness is contrary to the goals of these large companies | because that causes them to lose control. | nicce wrote: | I don't know why you are getting downvoted, but this is the | reality already. Maybe reasons behind are sometimes different, | but the end result is the same. | | Google is rebuilding their Docs for using canvas only[1]. You | have no control over it. | | Similar things are happening. Web assembly is getting more | popular, and in more cases browser is just a sandbox running | arbitrary code. E.g Microsoft has huge interest[2]. | | [1]: https://workspaceupdates.googleblog.com/2021/05/Google- | Docs-... | | [2]: https://www.infoworld.com/article/3613873/microsoft-gets- | ser... | SubiculumCode wrote: | "Don't be Evil" | | he he he...almost forgot about them saying that. -posted from | Firefox. | edoceo wrote: | Damn. And we lost Servo just when it was getting close to being | not shitty. While everything else is moving towards more shitty. | octopoc wrote: | There is some activity in the donations: | | https://crowdfunding.lfx.linuxfoundation.org/projects/servo | tomxor wrote: | We lost the servo team, but isn't servo complete enough to | simmer in maintenance? | kroltan wrote: | Not nearly complete enough if you want a browser. | | MAYBE, if you want a browsing engine / "webview". | tomxor wrote: | Ahh, i'm talking about the surviving parts that were | adopted by Firefox: | | https://en.wikipedia.org/wiki/Gecko_(software)#Quantum | | I remember it clearly because Firefox got a big performance | boost in it's renderer when quantum was released, often | it's faster than Chrome. | zamadatix wrote: | That's exactly what Servo was/is, an embeddable browser | engine. It was never aiming to build a usable reference | servo browser with the engine. The packaged nightly | binaries were just to demo the current state of the | embeddable engine which is why they were so barebones. | kroltan wrote: | Yes, you're correct, but the ancestor comments kind of | implied it being a hope for browsers at large. | | Bad phrasing from my part too, sorry. | dralley wrote: | No, not even close. | tomxor wrote: | Why not, It's in Firefox, I'm literally looking at it right | now. | kroltan wrote: | Some parts of Servo are in Firefox, but not the whole | thing. | | Swapping your VW Beetle's wheels for a Ferrari's doesn't | make it a Ferrari! Even if it improves handling (or | whatever I'm not a car person, it's just an accessible | analogy) | downWidOutaFite wrote: | Not sure why you're saying Servo, we still have Firefox. | kelnos wrote: | Servo was never supposed to be a browser. It was a testbed for | new browser tech/components, some of which got ported into | Firefox. I had hopes that Servo would also be an embeddable | browser engine, but not sure if that was ever a serious goal. | | Servo still exists and has been spun out of Mozilla's org | (https://github.com/servo/servo/). Certainly development will | be slower without a dedicated, paid team behind it, but it's | still alive (last merge to master was 9 days ago). And perhaps | without Mozilla's direct control, it will actually end up | becoming the browser you hoped it would be. | throw_m239339 wrote: | I give Firefox browser engine 5 years top before Mozilla | becomes Chromium based. Servo WAS meant to be the future had | Mozilla continued to fund its development, there is no way | around that fact. Yes, it was experimental, but so where | every other browser engines/forks when they started. Mozilla | lost a lot of goodwill when they fired Servo team and most of | the Rust developers. | drran wrote: | Why we need two Chrome's? | qutreM wrote: | Incremental changes toward a shitty browser. | cptskippy wrote: | So why do developers still use Chrome? | x0x0 wrote: | I have access to browser stats for a b2b saas. The majority of | our customers use chrome for the app. Approx 70% chrome, 28% | chromium, 2% safari (almost entirely mobile). NB: we discourage | mobile or you'd see more ios; the main site is approx 50% | safari (of that, > 95% mobile). | | Last time I looked, only one person had used firefox in the | trailing 3 months. | rdiddly wrote: | Are we even sure what the final page is going to look like? | "We're deprecating the old one" doesn't necessarily mean "We're | finished building the new one." | bronlund wrote: | If you move the letters G (Google) and C (Chrome) two letters | down the alphabet, you get IE. | staticassertion wrote: | Seems like there should be a bug report to include more detailed | information on the new page. | dylan604 wrote: | Closed, won't fix | melbourne_mat wrote: | I'm privacy conscious but would not consider looking at such | detailed information. For me it's delete all site state on exit. | Do people actually look at this stuff? | RedComet wrote: | I do. | alisonkisk wrote: | What's one interesting thing you've seen that isn't better | displayed in Dev Tools? | james-skemp wrote: | Developer bias, but being able to delete individual cookies is | invaluable. | | Non-developer hat: PlayStation Network store also had a bug | where you'd be logged in, but unable to buy anything. Instead | of deleting all data you could delete one cookie and it would | temporarily resolve the issue. | bushbaba wrote: | I always just used incognito windows for these kinds of | issues. | burnished wrote: | I don't really interact with cookies at all. What are your | uses cases? What is the value? If you're so enthused with it | I'm wondering if I should be, basically. | drewg123 wrote: | We have a bug like that in our internal systems at work. If I | can't delete an individual cookie, I'll switch to firefox for | work stuff. (I currently use chrome for work stuff b/c we | have some helpful extensions which are chrome only) | dangrossman wrote: | I've run into that bug (I think) on lots of sites, including | two of my credit card issuers. They set so many cookies, and | new ones on every visit, with long expirations, until the | cookie header is so large that either the browser or server | is cutting it off and you can't pick up the cookies to log in | any more. I go wipe out some cookies to fix that too. | ratata wrote: | Just fyi, you can delete individual cookies in the developer | tools. | bigwavedave wrote: | > Just fyi, you can delete individual cookies in the | developer tools. | | While I very much agree with the point you're making, I can | count on one hand (with fingers to spare) the number of | family members I have who know what the developer tools | even are, and that's because I showed them when | troubleshooting an issue they were having. They aren't | going to learn or remember how to access the dev tools to | manage cookies, but they do know what it means to delete | individual cookies and the current process to do so, and if | they forget the exact steps they could certainly figure it | out in settings/preferences. | | What they're not going to do is think "well, I can't find | the thing I used to use to deal with cookies, I'd better go | muck around in the developer tools." I'd imagine a very | large percentage of non-technical people who have heard | about cookies fall into the same category as my relatives, | but that's my own bias talking and YMMV of course. | shock-value wrote: | I have never known anyone to need to delete an individual | cookie vs all for a site. Certainly I've never needed | that. | | Only time I have (probably ever) deleted an individual | cookie was for testing during development, and in those | cases I already use the dev tools to do so. | BHSPitMonkey wrote: | If they're a non-developer, the ability to clear all of | the cookies (or data) for a given site should be adequate | to cover their needs (and if they're a developer, | obviously they'll just use Developer Tools > Application | for individual cookie manipulation). | | If a non-developer is in a situation where they need to | delete a single cookie by name but deleting _all_ of that | site's cookies would be ruinous for some reason, then | something's horribly wrong. | nett18 wrote: | Read the parent answer, it explains when deleting | individual cookies is useful (even for non-devs) | dredmorbius wrote: | Which Does Not Exist On Mobile. | | (90% or more of most sites' organic web traffic is mobile.) | rapnie wrote: | I use FF, uBlock and Privacy Badger. Of those - while uBlock is | most powerful - I value Privacy Badger the most. It shows me | 'number of cookies' in the toolbar icon on every page, and in | the dropdown I can quickly toggle any 'suspicious' domains to | be blocked. Only much less often do I take the time to do more | intricate stuff using uBlock Origin. | sixothree wrote: | Absolutely. I delete specific cookies regularly. | BHSPitMonkey wrote: | Through this UI? What's wrong with using Developer Tools for | this? | simfoo wrote: | Not just on exit - cookie autodelete is awesome. 10s after I | switch site all past cookies are gone | yellow_lead wrote: | I've looked at it before - to delete a specific cookie, or see | what a website has stored. Deleting specific cookies can | sometimes fix broken websites. | BHSPitMonkey wrote: | What's the intersection of "users who want to delete a | specific cookie" and "users who cannot open Developer Tools"? | For the average user, deleting all of a site's cookies seems | like all the granularity you need (and will be a more | effective troubleshooting tactic anyway). | shock-value wrote: | Effectively zero. Ridiculous that anyone would think this | an issue even worth discussing. | zmmmmm wrote: | We're getting into the scary space now where it's becoming | feasible for sites to insist on Chrome and drop support for other | browsers. I've hit two such apps in the last month where not only | did the app not work on FireFox, but the experience was | completely broken (blank page, etc). So they aren't even | bothering with enough testing to put up a "please use chrome" | message. | | I use FireFox for everything personal and Chrome for development. | I'd encourage others to do the same. Apart from expressing a | "vote" for web standards and interoperability, it also ensures | that by default you are separating personal from work / dev which | makes things a lot easier when you want to nuke all your browser | settings / cache / cookies etc. | intricatedetail wrote: | I worked on a project that a company decided to be Chrome only. | This was during times when IE was still popular. We were | spending a lot of time on cross browser compatibility and at | one point the start-up didn't have money to spend on that. We | picked Chrome as at the time offered best performance and it | was fairly easy to make the app look as intended. We had to | help some customers install Chrome and after that we had | amazing velocity and we could focus on features rather than | worrying why some customers can't see something etc. | zmmmmm wrote: | This is the slippery slope we're on. You only have to get a | little bit down the pathway of the dominant browser departing | from standards and the cost of maintaining cross | compatibility goes up exponentially. Your experience is | absolutely real and it's actually the reason why we have to | be vigilant not to get in that state in the first place. | [deleted] | the_other wrote: | I ONLY use Chrome when x-browser testing. I browse in Safari | and develop and test in FF first. If anyone else's site or app | doesn't work in Safari or FF, they lose me as a user/customer. | munro wrote: | Same, I switched to FireFox recently as well. Lol if they think | they can make these changes, and remain dominant (speaking | Apple as well), then they should look at what happened to | Freenode. Personally, I'm really just lazy, but I can go back | to compiling my own Linux distros if it means I can control my | system. | echelon wrote: | Demand the break up of Google! Now! | | Email your reps. | | Tell them this is dangerous and that Google shouldn't be | allowed to run the entire web. Take chrome away! | warning26 wrote: | The issue here is that "making a web browser" isn't a | sustainable business. You could force Google to spin off | Chrome...and then what? The new "Chrome Inc." would probably | need to either start integrating ads or start charging money | to even have a chance at not immediately going under. | | The only reason Firefox is even able to exist is Google | propping them up with lots of extra money. | prox wrote: | If someone says they are a developer but do not test other | browsers I don't take them very seriously as a developer at | all. | | I wholeheartedly think it's a good idea to split browsers | between work and personal just so to get familiar with other | browsers. | forgotmypw17 wrote: | As of today, my main workstation is an "early 2008" iMac, at El | Capitan and Chrome maxed out at 83.x... | | In addition to Chrome, I'm using six other browsers which work | well with HN, my own sites, fb, gmail, ... | | I think in today's Web we've achieved an incredible level of | compatibility, interoperability, and accessibility. | | Are there many sites which don't work across 25 years or 15 years | or even 5 years worth of client software? Sure, but... | | There are also restaurants I don't go to, roads I don't walk | down, and people I don't associate with... | | When a site tells me my browser is not good enough, I just turn | around and stop visiting, e.g. twitter, reddit, imgur... | | The Web is better than ever for me, thanks to this strategy. I've | heard it called boundaries and self-respect. | | -- | | Written on a 2012 iPad mini with iOS 9.x Safari. | chrononaut wrote: | Are you not worried about security vulnerabilities? | forgotmypw17 wrote: | From where? | Sunspark wrote: | Speaking for myself here, no. It's not actually that easy to | just "own" people randomly through their browser or network | connection. First you have to be malicious, then you have to | get them to engage with you directly, then you have to be | skilled enough to have code ready to go for their specific | circumstances. | | Most of the sites I visit are normal ones like HN. The ones | that are not, there's only so much malware an advertising | network can stuff in when ublock is present. | blacksmith_tb wrote: | It's laudable to keep old hardware in service, but there are a | lot of serious security issues with such old versions of the | browsers. If that machine is your only option, I personally | would install Ubuntu on it, which would get you current | versions of Firefox and Chrome (but of course wouldn't run OSX | apps you may depend on). | jacquesm wrote: | They are really on a roll there, how many user hostile moves is | that in the last 30 days? I think I lost count at 4. And all in | the name of 'helping our users to improve their experience'. | Since when is removing features that users depend on a positive? | | But with the competition as good as dead they can do whatever | they want: the bulk of the audience is now captive and has lost | either the willpower or the means to attempt to escape. | | It's about time we reboot this web thing. | [deleted] | hughrr wrote: | Back to Gopher! | decremental wrote: | Look around you. Does it seem like doing bad things that some | people have a problem with is some of kind impedes? There is | always an overwhelming majority of people who don't care. That | is their power. It's not going away. | jraph wrote: | > people who don't care | | You cannot care if you are not aware. It is a complicated | matter which looks very abstract when you haven't had a | chance to look into it and think. | | And then, some are aware and really don't care. But at least | it is a conscious choice. | deadbunny wrote: | > But with the competition as good as dead they can do whatever | they want | | Firefox works well enough for me. | SomeBoolshit wrote: | They've taken away user control over cookies per site years | ago. | | People complained, Mozilla ignored the complaints and somehow | this all just blew over because of browser extensions against | tracking cookies. | | There's still no replacement for the "ask me every time" | cookie dialog. | jonnycomputer wrote: | Yes. But you can see it all in developer tools. Just not as | accessible. At least when you are on that site. Which is a | limitation for sure. | Sunspark wrote: | Firefox in addition to user-friendly features, also has | containers which are an environment to isolate and manage | cookies. A noteworthy example being the facebook container: | https://addons.mozilla.org/en-US/firefox/addon/facebook- | cont... | | Linking here to a previous discussion on Firefox containers: | https://news.ycombinator.com/item?id=28353876 | [deleted] | magicalist wrote: | "how many user hostile moves is that in the last 30 days" seems | a bit much for something that they are "planning on | deprecating". It's not even clear if "making | chrome://settings/content/all the place to manage storage" | doesn't just mean everything is just going to move from two | pages to one but have the same functionality. | thih9 wrote: | > Since when is removing features that users depend on a | positive? | | Most google chrome users aren't techincal users; they aren't | familiar with cookie data controls and won't care if they're | gone. | | Google consistently drops technical features in the name of | improving or simplifying UX for most of their userbase (in a | way that's aligned with google's interests). This happens since | the beginning of Chrome (merging the address bar and search bar | seems like that to me); This approach is present in other | google products too (e.g. it's harder than ever to override | defaults in google search). | firebaze wrote: | Just sell your google stock in the next few months. I wonder | why Microsoft doesn't sue Google, they're repeating the | Internet Explorer story almost step-by-step. | SquareWheel wrote: | They've abandoned their browser for five years until it | stagnated, slowing progress on the web for all? | jraph wrote: | > the bulk of the audience is now captive | | And they don't know it for the most part. People not into | computers don't realize what is going on. Sadly, many people | into computers don't really care neither. | | I still try to speak about privacy and why I think we should | care when natural in the conversation with people who are | likely to be interested. Often, people actually show interest, | especially if you take their perspective in account. | dessant wrote: | Looking forward to a Google employee lecturing us about how users | don't care about these details and how people don't want granular | control over site data. | BHSPitMonkey wrote: | Not a Google employee, but yes - users absolutely do not care | about manipulating individual cookie key/value pairs (and if | they did, they would be web developers and know how to open | Developer Tools). | quaintdev wrote: | Of course an average user does not bother about these controls. | They don't even need to know what cookies are. Maybe they don't | care today but now you are not even giving them opportunity to | learn and take control back. | | The argument that no one uses it is just a front. Real reason | is it serves in Google's interest to remove these and that is | why they are doing it. Just like GTalk and RSS. | BHSPitMonkey wrote: | Why, in your view, does there NEED to be two UIs in the same | application serving the same purpose? | johncena33 wrote: | Just out of curiosity, what's the percentage of users outside | of devs do you think care about this feature? | [deleted] | loosescrews wrote: | Is it possible that they are combining the pages and will still | have the same functionality? I personally find it very confusing | that Chrome has two different pages for managing cookies. I | pretty much always want the manage individual cookies page, but | each time I find the other page first which only lets me clear | all cookies and have to track down the page I really want. | tehwebguy wrote: | > By the way, before anyone runs off and yells "Switch to Safari" | or something like that, keep in mind that Safari is actually in a | worse state and doesn't have detailed cookie and site information | at all. | | It does, but it's split between two places. You can see a list of | all sites that have stored data in Preferences > Privacy > Manage | Website Data... (no option to view here, just delete). | | You can also navigate to the site in the browser and then view | the detailed data: | | - Check "Show Develop menu in menu bar" in Preferences > Advanced | | - Develop > Show Web Inspector | | - Navigate to the Storage tab | | On the left you'll see options for Cookies, Local Storage & | Session Storage. | samizdis wrote: | > You can also navigate to the site in the browser and then | view the detailed data | | The author addresses this point (or has now addressed it) in | the addendum to point out an "observer effect" shortcoming: | | _This information can be seen with the web inspector in both | Chrome and Safari. | | Yes, but the crucial difference is that you have to navigate to | an individual site in a browser window in order to see the site | data in the web inspector. Whereas in the Preferences, you can | get to the site data, for every website, without having to load | the sites. And remember, the very act of loading a site can | make the site data change, so there's an "observer effect" if | you try to examine or delete it in the web inspector._ | BoorishBears wrote: | Not that I think this has actually been applied by anyone in | the wild, but it'd be fun to make a site that take advantage | of this | | You can detect developer tools being open in Chrome pretty | reliably, so detect dev tools have been open then "clean up | your act" before there's a chance to view anything of note | duskwuff wrote: | This has absolutely been used "in the wild". One | particularly nasty strain of ad-block-evasion scripts would | detect the developer tools being opened, and would reload | the page and disable most of its features to prevent them | from being analyzed. | BoorishBears wrote: | The ad-block thing is where I first saw it, that and DRM | for less-than-legal sites to prevent downloading (stops | streaming if the dev console is open) | | I mean more specifically taking advantage of the awkward | UI to cover up your tracks on local storage, it's | something that's just devious enough that if you get | caught (which is not difficult) it'll be hard to explain | what you were doing, and you'll be trying to explain it | to technical people | sroussey wrote: | Way back when, we thought about this for Firebug. One | thing that came out of it was browsers started adding the | console object (also because devs forgot to remove the | calls on it). | | Even so, we added CSS and stuff to highlight elements and | that was easily found. | | What do people look for today? | duskwuff wrote: | The two big ones are: | | 1. Watching window.innerHeight/innerWidth for sudden, | large decreases, indicating that the user just opened the | inspector. | | 2. Logging objects to the console with toString methods | and checking if that method gets called. | codezero wrote: | Could you see the original cookie by inspecting the headers | of the network request? This would presumably be the value | before the page loads and gives access to document.cookie | or a change triggered by a server-side header. | sk5t wrote: | Consider using something like https://mitmproxy.org/ to | deal with a site so devious as to detect browser-level | tools being used to inspect headers/cookies/etc. | codezero wrote: | Not trying to defend anyone here, but I wonder if there's a | non-nefarious reason for this. | | Specifically, there have been a lot of changes to cookies | lately because malicious actors (malware/adware) figured out | how to access the cookie store and infer/determine cookie | information from other sites. | | I suspect that maybe this cookie store is kept in a more | secure part of the application and only the cookies relevant | to the site you visit get pulled out of it. It may even be a | risk to have the information for all domains even loaded into | memory for the application. | | With all that said, there should be some way to | manage/introspect that cookie store from outside of the | browser imho. | wyager wrote: | If the browser is designed properly (this does not apply to | Safari), the UI can and should have totally different | permissions from the site executor/renderer. | dylan604 wrote: | >If the browser is designed properly (this does not apply | to Safari), | | Slow clap. Well done. | feanaro wrote: | Let's remain serious. It is entirely within the capability | of modern computers to admit a dialogue which would let the | user view their cookies without magically exposing them to | websites. There is no non-nefarious reason for this. | Kiro wrote: | Same for Chrome so not sure what this article is about. | DangitBobby wrote: | The article is quite clear. The question is, why did they go | backwards on functionality. They took a simple user interface | and removed a single useful feature from it, and what remains | is a much more tedious way to do the same thing. Why? What | was the benefit? The author speculates that it's to make user | cookie control more difficult. | shock-value wrote: | The reason was probably that no one ever needs to delete | just a subset of cookies from a site. I certainly never | have, and I'm a pretty technically-minded user. (Other than | for development, in which case I'm using dev tools anyway.) | IIsi50MHz wrote: | Counterpoint: I've many times had to fix presentation of | or access to a site by purging just specific cookies. Two | sites that have previously had these problems are | RingCentral's web interface and AutoTask. Maybe a dozen | or more others, but admittedly not many...however, when | I've needed it, the problem has been persistent, | requiring multiple fixes per day, over a few consecutive | days or or even a couple weeks. | SquareWheel wrote: | Needing to delete specific cookies does arise | occasionally, and we have dev tools or the cookie viewer | under the lock for that. | | However, needing to delete those cookies without first | viewing the page due to side effects - that is a very | niche use case. | gsich wrote: | Why Safari? The only sane choice is Firefox. | kortex wrote: | Or Brave. Safari gives me too many issues. Brave has all the | compatibility you'd expect from chromium. | techrat wrote: | Brave is just a shitcoin mining, referral link hijacking | reskin of Chrome. | brnt wrote: | By default it doesnt, and although I'd certainly advise | going over all Brave's settings once, then you have the | safest (as in not outdated like some other privacy forks) | and privacy respecting Chrome based browser around. | m0zg wrote: | They also run the only decent, independent search engine | that has _its own_, _uncensored_ index. DDG was | perceptibly worse than Google, but Brave Search is about | on par, and the latency seems to be better as well. I | maybe have to go to Google once or twice a month now | instead of several times a day DDG would require. I know | a bit about Google search, and frankly I'm stunned by | what Brave was able to pull off here. | | I'm actually not against Firefox either, but they refuse | to implement a profile switcher, and I need one to be | able to fully and unambiguously isolate my work and | personal accounts. What's particularly grating is that | they already have profile support. Just not the UX to | switch the profiles without pain. | techrat wrote: | Stop drinking the kool aid, buh. | | If you have to go over the settings... A safe, privacy | respecting browser wouldn't resort to any shady tactics | in the first place. | brnt wrote: | I'm not drinking any koolaid, I just have not found | anything better, apart from Firefox. | gsich wrote: | If Brave is keeping Chromium updated, then it is possible | that this will effect them also. | officeplant wrote: | From the blog it sounds like Chrome's will be in a similar | state after the update. Just another thing I'll have to | navigate to in a tedious manner. | xqyf wrote: | Sure, both browsers have developer tools. This is much more | opaque than a Settings menu. | a3n wrote: | What a weird design. Listing and viewing would often be done | when you want to "clean things up, but not everything. | | Disclosure: never used or saw safari, and i don't have a mac, | nor the mac nature. | butz wrote: | We're coming up to times where websites are encrypted binary | blobs and only browser who can open them is Chrome. And you have | to provide your personal data, to access them, of course. | arathore wrote: | It's not even a niche use cases, many times IT teams would | suggest deleting the cookies and cache for a specific site to | overcome common login issues. | alisonkisk wrote: | The ranting in this post's HN comments is ridiculous. | | If you don't trust a site, delete its content or block it. It's | not an invasion of your privacy because the UI doesn't let you | pick apart the individual bits of encoded gobbledygook in the | cookies. | | You need Dev Tools to make sense of cookies, and Chief provides | that. | londons_explore wrote: | How many users are there who want to delete some but not all | cookies for a site, yet aren't able to use the F12 developer | tools to do so? | | I can see some users delete cookies to prevent tracking, but | should those users really be deciding which cookies to keep and | which to delete when nearly all cookies have very user unfriendly | names and data contents? | | Given that, I agree with the Chrome team here. There shouldn't be | a general-public UI to manipulate individual cookies, since | making a mistake is very likely and leaks the user's private | info. Power users can use the F12 tools. | indymike wrote: | > There shouldn't be a general-public UI to manipulate | individual cookies, since making a mistake is very likely and | leaks the user's private info. Power users can use the F12 | tools | | Um, I'm pretty sure deleting a cookie or too isn't going to | leak my private data. If it does, it is because some third | party website defaults to doing the stupidest thing possible. | phone8675309 wrote: | Sounds like Chrome is moving more toward being a surveillance | tool and ad delivery platform that also browses the web (well, | more than it is right now anyway). | minikites wrote: | That's what happens when a browser made by an advertising | company becomes dominant. | booi wrote: | It's more and more obvious we need competition in the browser | space. Firefox as an excellent and performant alternative. | Personally I use Chrome for work and Firefox for personal | stuff. | coldacid wrote: | Firefox, and the Mozilla organization itself, has its own | fair share of issues. | | I really wish more people would look at and help develop | NetSurf[0] or other lightweight browsers with their own | layout engines More importantly, I wish that regular users | would stop going with the 900 pound Chromium/Blink gorilla, | and instead use a greater variety of browsers/engines. This | browser monoculture is just pure death. | | [0]: https://www.netsurf-browser.org/ | gaoshan wrote: | I've had decent luck with Vivaldi lately. | nicce wrote: | Please note, that it is Chromium based as well. | vimy wrote: | Why not use Edge if you need to use a chromium based browser? | krono wrote: | It's like Chrome, but better in pretty much every way. | Never thought I'd say this but Edge is actually pretty | good! | | Very frequent and large feature updates, deepening | ecosystem integration that uncharacteristically doesn't get | the way if you don't use it. | | I always get a bit anxious when one of these massive | enterprises suddenly gets up and starts moving with | newfound focus, and MS is pretty much sprinting on Adderall | at this point. | [deleted] | core-e wrote: | Do other Chromium based browsers like Brave count? Or do they | need be completely separate browser architectures like | Firefox and Opera? | MiddleEndian wrote: | Opera uses Chromium nowadays. | sebow wrote: | Google has being a surveillance tool since it's inception, they | cannot work without accumulating and/or embedding people's | data. | AJ007 wrote: | It's been that way since they forced logged you in on Chrome | whenever you logged in to any Google website. | Ajedi32 wrote: | Seems reasonable. If you want detailed information about the | contents of individual cookies that's what developer tools are | for. A simple "clear data" button seems far more usable for | normal users. | NVHacker wrote: | Anyone still uses Chrome for personal stuff ? | travoc wrote: | No, my household has shifted everything to Brave or Safari with | AdGuard. | nicce wrote: | Brave is also developed by yet another ad based company, and | is also Chromium based. | | I'm not so sure if grass is greener on this site, as the | money always decides in the end. | 1vuio0pswjnm7 wrote: | "As far as I know, there's been no public discussion of this | change, and Google employees may have accidentally leaked the | information to me in my innocuous bug report." | | There are constant changes to Chrome and these get pushed out in | "updates" to selected groups of users, aka "Field Trials". I have | never seen any public discussion of any of these changes prior to | including them in automatic updates. What makes this change to | user control over site data any different. In fact, I can recall | years ago Chrome used to let users change Javascript and Cookies | settings on a global or per site basis, and from the Address Bar | not only a "Settings" page. Then, without any discussion or | debate amongst end users, Google changed Chrome. (Note Javascript | is needed to store site data via "LocalStorage".) Today, in | "Guest mode" on a Chromebook, it's impossible for the user to | disable Javascript or Cookies globally in Chrome. Being logged in | to the Chromebook is a prerequisite for globally disabling | Javascript or Cookies. There is never debate on these design | decisions. These are dark patterns. How effective are user | complaints at influencing Chrome development. Please cite | evidence. Perhaps what we need are user-controlled solutions. | | Side note: I can remember a time when it was considered a | monumental task to get the entire web-using population to | download a new/updated web browser. Almost like a flag day. | Today, there is no need for a campaign to get users to "install | the latest version of [web browser]." The concept of automating | updates is great, but I am not a fan of today's software using | "automatic updates" because the way in which developers are using | it is user-hostile. | | "In my opinion, this change is very unwelcome. It takes away a | lot of information and control from the user. For what benefit?" | | BEGIN Devil's advocate/"Google's advocate" | | Since this is "the orange site", usually it begins with something | like, "Googler here. Opinions are my own not Google's." | | Our confidential studies show that individuals like the blog | author comprise a minority of Chrome users. The majority of users | are not aware of such "issues"; they do not publish blogs or give | feedback to Google. By all accounts the majority remain satisfied | with Chrome as they are not switching to alternatives. We have | dominant market share. Our focus is on delivering the best | experience for users. Lucky for us, this also happens to be the | best experience for our customers, advertisers, and therefore the | best outcome for Google. Its win-win-win. It would not be an | efficient use of our limited resources to offer a version of the | Chrome browser (e.g., field trial) that met the requirements of | this blog author, but failed to meet the evolving requirements of | Google. Altough we provide free services to our users, we are a | business not a charity. If we fail, then the entire world | suffers. However we are continually experimenting with | improvements to the browser, e.g., based on lawsuits that | governments file against us, and we are testing them on various | segments of our user base, without needing the user's prior | approval for every update. We believe this is the best use of | Google's limited resources. | | END Devil's advocate/Google's advocate | | The orange site commenter's task should be to refute the Google | advocate (or defend it). Or even better, give us a more | entertaining/thought-provoking Devil's advocate. A fundamental | rule of negotiation is that if one can understand the other | side's arguments, then she will be far more effective at | advancing her own arguments. ("It's difficult to determine | Google's motivation for this change." Maybe that's intentional. | Maybe Google does not want to open these decisions up for | "debate" or negotiation with those affected, i.e., end users.) | | "I hope to spur a public debate about it and give some pushback | to Google before they make too much "progress" on the change in | Chrome." | | Good luck. Can someone remind us when that has ever worked before | in bringing about changes by Google for the sole benefit of | users. | | With Privacy Sandbox/FLOC, it appears that debate did stop _other | browsers_ from adopting it, but it did not stop Chrome from | adopting it. | | The more interesting question IMO is what are the possible | solutions and how well do they work in practice. For example, | | 1. Stop using Chrome | | 2. Use some Chrome extension that "solves" the problem | | 3. Complain about Chrome on a blog or in a forum and hope for the | best | | Personally, I have chosen to control site data outside the | browser, using a forward proxy. The proxy software does not | automatically update itself, it does not run "field trials", and | it is not being sued by dozens of goverments. I do not have to | make complaints on a blog to try to influence its development. | Unlike a web browser from an online advertising funded entity, I | have reasonable control over the operation of the software. | Through the proxy I can control browsers like Chrome, including | headers such as cookies and clear-site-data | (https://developer.mozilla.org/en- | US/docs/Web/HTTP/Headers/Cl...). Nonetheless, I fully subscribe | to #1 as the current best solution. | SLWW wrote: | Firefox Nightly is a pretty good browser imho | | Also it just so happens that there are extensions that allow you | detailed (read: raw and editable) cookie data for each website | you visit! | deathanatos wrote: | I use & love Firefox, too, but do note that the author's | criticism directly applies to it, too: AFAIK, FF will not show | you the individualized cookies, or all you to act on them | individually. | | Now, as you say, you can download an extension (and indeed, I | do!), but I think there is some merit to it being in the base | app. (E.g., not having to trust an extension. But also, it's | part of _Firefox_ 's data, and FF should provide decent tooling | for itself.) | prox wrote: | I don't think so, but can't test right now, pretty sure I | deleted cookies and a cache for one particular domain | recently. | Sebguer wrote: | The chrome change doesn't stop you from being able to | delete cookies and cache for individual domains, it's the | ability to inspect _specific cookies_. | acabal wrote: | That data is available in the developer tools, under the | Storage tab. Individual cookies can be viewed, edited, and | deleted. Not very useful for the average user, but the option | is there and I doubt the average user even knows what cookies | are, except that they're something you constantly have to | click "yes" to nowadays. | yborg wrote: | Firefox used to show individual site cookies in the Manage | Data dialog, this was removed at some point. | kenhwang wrote: | I'm running the latest developer build and it still has | this. It only shows number of cookies by domain and allows | deletion by domain, and you'd have to use dev tools if you | wanted to look at or delete a single individual cookie. | [deleted] | cpmsmith wrote: | You don't even need extensions, that's available in the stock | developer tools. Though you have to be on the site at the time | to access it. | notatoad wrote: | i typically access this information by clicking the lock icon in | the URL bar. is that going away too, or just the version in the | settings page (which i didn't know existed until now) | sschueller wrote: | What the hell happened to Google? Who are these complete idiots | running the show? | edoceo wrote: | You may have forgotten: Cash rules everything around me. CREAM! | Get the money man! Dolla dolla bill y'all. | | Wu-Tang is forever. | sumtechguy wrote: | That is the rub though. The dialog to do this is basically | 'done'. This means someone spent time and money to make this | 'go away'? Why? Just leave it be seams reasonable?... | coldacid wrote: | Because Google figures, and they're probably correct, that | removing it would prevent the average luser from even | considering that they could take these privacy-friendly | steps in the first place, which ends up putting more money | in Google's pockets from the advertisers. | micromacrofoot wrote: | when you've eaten everything you've got no choice but to start | eating yourself | da_chicken wrote: | The same idiots looking ad and data mining revenue, and then | seeing what their customer's demands are. | | Their customers being the ones who are buying services from | Google. | | Not you. | | You're the _product_. | beerandt wrote: | Tired of this excuse. | | If the audience is the product, Google still has an interest | in selling a quality product. That means not running off more | and more of the most tech savvy "product" segment. | brezelgoring wrote: | "Tech savvy" and "not tech savvy" are just 2 of hundreds if | not thousands of tags put in your info, to steer it into | the proper SALE buckets. | | The 'you are the product' adage is true, but there isn't a | single quality you can have that makes you stand out from | thousands if not millions of others. Advertising is a | numbers game for them. | beerandt wrote: | Yeah, but there's an interest in keeping those numbers | around, and they have a disproportionate influence. | | Who does grandma or cousin Bob call to "fix" their | computer? Who's controlling what browsers get installed | on corporate networks and at elementary schools? Or | picking the online class systems (and compatible | browsers) at universities? | | They run off more than the one segment they piss off. | ComputerGuru wrote: | > If the audience is the product, Google still has an | interest in selling a quality product. | | Not if they are the only ones left in the game. | | Under Google's tutelage, the scope and complexity of the | web has grown to where it's near impossible to create an | alternative from scratch. | throw_m239339 wrote: | The advertisers are the customers, your data is the | product. | da_chicken wrote: | > Tired of this excuse. | | When it stops being true, it will stop being trotted out as | the explanation for why Google keeps making their browser | better for their ad revenue business. | | > If the audience is the product, Google still has an | interest in selling a quality product. That means not | running off more and more of the most tech savvy "product" | segment. | | Why do you think the most tech savvy segment is the target | audience? Do you have any idea how many advertising dollars | there are in the 12-17 and 18-24 brackets? | beerandt wrote: | >Why do you think the most tech savvy segment is the | target audience? | | Tech savvy doesn't equal hn users. | | You think teenagers and college kids aren't using ad | blockers or selectively clearing browser history? | | There are tech savvy users across all marketing | demographics. | | >When it stops being true, it will stop being trotted out | as the explanation | | It's not really an explanation, though. It's a half-baked | observation. | | Movie theaters make money on concessions, but need the | good movies to draw a crowd. | | Dealerships make their money on service, but still need | to sell cars to get that customer base. | | Even if it's true by some skewed definition, it's mostly | irrelevant. | | It implies that it doesn't matter what they do to users, | and have no interest in keeping them satisfied, and | that's false. They might want to increase ad business, | but that don't do that by allowing users to slowly | trickle to alternatives. Look at firefox's fall from the | top. There wasn't a breaking point, but a constant | trickle due to usability and performance. | dylan604 wrote: | >That means not running off more and more | | Googs: Fine, where are you going to go instead? | | FB: Fine, where are you going to go instead? | | Insta: see above | | Twit: see above | | These people are just fine without the 10 devs that might | throw a hissy. (technically 9, because I have to count | myself) | nobody9999 wrote: | >If the audience is the product, Google still has an | interest in selling a quality product. That means not | running off more and more of the most tech savvy "product" | segment. | | I'd say there's an argument to be made for pushing out the | tech savvy from using Chrome. | | Compared to the total user base, those folks are a tiny | minority who often cause problems by complaining about | privacy invasions and develop/use privacy focused | extensions. | | Why would Google want the small group of folks who draw | attention to and sometimes (gasp!) create extensions that | limit the ability of Google and Chrome to track/monitor the | product herds? | | If the folks who actually have a clue as to what Google is | up to and how they're implementing it are driven away from | Chrome, there will be fewer folks implementing privacy and | related extensions for Chrome. | | Anheuser-Busch doesn't care that a professional brewer is | unlikely to buy cases of Bud Light. In fact, I'm sure | they'd prefer they didn't, as that would likely invite | negative feedback from those folks. | | Having a docile, uninformed pool of "product" to be sold to | advertisers gives Google the opportunity to implement more | and more tracking/advertising features into Chrome with | less pushback from the "product" is likely seen as an | unmitigated good by the rapacious and unethical scum who | want ever more tracking/monitoring in browser-based | interactions. | mark_l_watson wrote: | A bit off topic, but I frequently just delete all cookies on all | browsers on my devices. Since I just use Safari on | iOS/iPadOS/macOS and Chrome on Linux, this is such a quick thing | to do. | | I also try to make using a private browser tab or page as my | normal way to do web browsing. | melbourne_mat wrote: | Agreed. Duck Duck browser on Android has a very prominent | "burn" button next to the URL bar which deletes everything. | It's great! | antisthenes wrote: | It's hard to tell from the article, but aren't detailed cookies | still available through dev tools? | grishka wrote: | You don't even need the dev tools -- you can view individual | cookies by clicking the lock icon in the address bar and then | "cookie settings". | antisthenes wrote: | Yeah, but if that's the case, then I'm completely lost about | what's getting removed from Chrome? | ehsankia wrote: | In my experience cookie control in Chrome have always sucked. | There's barebone support in dev tools but everyone time I've | wanted to do anything serious, I've always relied on more | powerful cookie editing extensions. | putlake wrote: | I regularly use site-specific controls, mostly for Javascript. | Let's hope Edge retains it. | foota wrote: | I don't get why people think this is a move with some agenda, | most likely they just don't think enough people use the single | cookie deletion functionality to warrant having it in the | settings vs the dev tools. | [deleted] | BHSPitMonkey wrote: | The hyperbole in this thread is insane. I would wager that none | of the furious "this is pure evil!" commenters in this thread | even knew this particular settings page existed before today | (and I'd bet they still don't know the information is already | exposed in the URL bar). | | Nobody who isn't a web developer is out there trying to guess | what individual cookie names/values mean or wants to delete | individual ones. At most, they just want to be able to clear | them per-site (or across the entire browser). | | Anyone else will use the Developer Tools UI that's better | suited for the task. | jychang wrote: | Deleting cookies for a group of sites is essential, though, | and they're removing that. | | Think facebook.com, fbcdn.net, etc. | | I end up having to delete cookies for Cars.com every other | week, because sometimes the search function would corrupt | something and every page would return a blank white screen. | qutreM wrote: | Chrome in 10 years will be like a TV... all you will be able to | do is switch between a few hundred channels | SquareWheel wrote: | Browser dev tools are more powerful now than ever before, and | they're only a single key press away. | qutreM wrote: | Dev tools are next... same argument... not many people use | them. | SquareWheel wrote: | You can't have consumers without producers. Dev tools are | an integral tool to building websites and webapps today. | They're still receiving considerable investment from | browser vendors. I see new features in almost every | release. | feanaro wrote: | lol. Because it's such an unimaginable hassle having to keep | this code lying around in the codebase. | tyingq wrote: | Maybe it's changed, but walking a customer through clearing | some specific cookies was a common help desk thing. To deal | with shitty websites...PayPal had this problem for a long time | where you would get an obscure error until you manually cleared | a cookie. | | This will be harder, especially where you need to clear cookies | on different domains like a login page, saml page, account | page, etc. | renewiltord wrote: | You had to clear one cookie on Paypal and leave the rest? | Jesus Christ, what a nightmare! Do you happen to recall what | situation that was? Just curious to read in a Daily WTF | sense, not challenging you to prove it. | tyingq wrote: | You could clear "all cookies for all sites", but that tends | to piss customers off, as pre-filled fields for many | websites are no longer pre-filled. | | If I remember right, clearing it for one site didn't help | because clearing "login.paypal.com" cookies didn't clear | "some-other-thing.paypal.com" or "www.paypal.com". They | seem to use www.paypal.com for everything now. | | Google for: "paypal Your browser sent a request that this | server could not understand" for one example | | Or "paypal your last action could not be completed" for | another. | renewiltord wrote: | I googled for those and it's funny but sadly not as | entertaining as I'd hoped. All the responses involve | clearing all cookies for paypal.com at al. | | > _If I remember right, clearing it for one site didn 't | help because clearing "login.paypal.com" cookies didn't | clear "some-other-thing.paypal.com" or "www.paypal.com". | They seem to use www.paypal.com for everything now._ | | Right, but that's not a problem that this particular | change is going to do anything about. Previously, you had | to find all the different paypal domains and whack their | cookies and now you have to do the same. The | functionality you can't do in the Preferences window now | (but you can in DevTools) is find a single cookie in a | single site and whack that one. _That 's_ the one that | would be Daily WTFy. | tyingq wrote: | Ah, got it. I read the screenshots as the "search" was | also going away. I do have that 'single cookie' thing | with another service where I have to delete one called | TICKET_something, but I'll fumble through it I suppose, | or use an extension. | renewiltord wrote: | I've mostly used this functionality to get my cookie out | for Phantombuster. | crazygringo wrote: | Exactly this. All the functionality is already built into | Chrome right here: | | https://developer.chrome.com/docs/devtools/storage/cookies/ | | Contrary to the headline, Chrome _isn 't removing the ability | to do anything_ -- they're just removing it from the | _preferences_ interface, where I 'm not sure it really ever | made sense to include in the first place. | | Truly, editing/deleting individual cookies isn't something any | regular user ever needs to do -- just clearing per-site, which | continues to exist in preferences. | feanaro wrote: | > where I'm not sure it really ever made sense to include in | the first place. | | So move it somewhere where it makes more sense. | | > Truly, editing/deleting individual cookies isn't something | any regular user ever needs to do | | No true Scotsman? If the user needs to do this, they're | automatically not a regular user, or what? | | Anyway, hard disagree. | canada_dry wrote: | > deleting individual cookies isn't something any regular | user ever needs to do | | I disagree. A problem just recently with a gov site req'd you | delete their cookies to resolve it (as an interim solution | until they get around some year to fix the issue). | [deleted] | renewiltord wrote: | Right, so clear all the cookies for the gov site. | Previously you could do that and now you can do that. | Nothing has changed for this use case. | yccs27 wrote: | Settings vs dev tools does make a huge difference imo. | | The settings pane gives you a cleaner ui for quick | changes (debatable, but I certainly feel this way). Dev | tools can break your browser if you do things wrong. They | are made for development and deep changes, not routine | stuff. | | That is _not_ "nothing has changed". | KingMachiavelli wrote: | You can still clear cookies for a single site by clearing | all data for the site. Does not require devtools. If a | site is bad enough to require clearing cookies, clearing | the cache & stored data is probably not a bad idea. | | If your site needs users to clear cookies, then you | should fix your site. Clearing cookies is not a routine | thing. | Matthias1 wrote: | You can still clear all cookies for a given site from | within preferences. | | They're removing the listing of individual cookies for | each site. So you can still remove all cookies from, e.g. | Hacker News, but will no longer be able to see the | individual names of the cookies, e.g. | `ph_6CDb7STpzm64A_...`. | renewiltord wrote: | It is still in 'Settings', guys. It's in | chrome://settings/content/all instead of | chrome://settings/siteData . Read the third and fourth | sentences of the linked article. You will literally be | able to browse to it in Settings. | | I do have to commend you on the bold tone while being so | misleading, though. Haha, good stuff. I propose a Law of | Increasing Internet Indignation: indignation is a | monotonically decreasing function of knowledge. | Akronymus wrote: | Or also twitter, where it is unusable without logging | in/blocking cookies (Which you can do from the preferences) | JeremyNT wrote: | It's a self fulfilling prophecy. Make a useful feature | difficult to discover, then remove it when few people discover | it. The (not insignificant) current barrier for normal users to | selectively remove cookies will be made even higher if you ask | them to use dev tools. | | One could imagine a browser vendor who made this workflow easy | because they thought it was in the users' best interest. | Obviously, that browser vendor is not Google. | p_j_w wrote: | >Make a useful feature difficult to discover, then remove it | when few people discover it. | | How many people do you really think would ever need this | feature in day to day use, even if it were extremely easy to | find? The number is probably vanishingly small. | topspin wrote: | Seems like this capability would be better served with an | extension. Most (as in nearly all) users will never play with | individual cookies and the people that need to can turn to | quality extensions with more capability than the browser is | ever likely to build in. | hamburgerwah wrote: | Just how much of a middle finger can they give to users before | people wake up and move to Firefox? There was a time Firefox had | some performance problems but that time has passed, it works | every bit as well as Chrome does now, if not better. | franklyt wrote: | Firefox is not as performant as Chrome is. This is something a | web developer will have come across, if not an average user. | butz wrote: | While Chrome performance is obviously better for browsing, | somehow opening DevTools makes it work much slower. As for | casual user, installing ad-blocker makes web browsing way | faster. | [deleted] ___________________________________________________________________ (page generated 2021-09-03 23:00 UTC)