The Duration Time on this Cookie...

Sunny' 🌻@slrpnk.net to Mildly Infuriating@lemmy.world – 364 points –

Remember to use ad blockers and DNS filters ladies and gentlemen!

Have no idea what Otto[.]de is, nor do I have any plans to find out. But god damn that's a long ass time. It's the equivalent of 9993 years if anyone was wondering...

Source: cookie of a sketchy free VPN that I'm investigating.

Otto.de is a big German online retailer.

Bought a table from them once. Was not a good table.

Bought a table from IKEA once, was not a good table either. You get what you pay for.

I worked for them once. Was not a good experience.

Browsers by default won't allow infinite cookies.

Which is great, but do you know if that's the case for Android apps too? As that is the case in this scenario.

How do you mean? As in it's a web app? They have access to persistent storage.

I wasn't thinking clearly... Somehow was thinking they stored cookies outside the browser, then I realised that's not how it works :P Thanks for pointing it out, I'll try to find out the default values for cookie-lifetime across browsers next :)

If you don't have your browser set to delete all cookies you haven't made exceptions for, every time you close it, I don't know what to tell you. Except... "you should do that".

I use Firefox temporary containers. So not only are they deleted 5 mins after I close a tab, but different tabs don't share cookies unless I explicitly allow it or the tabs are opened from one source (e.g. open link in new tab)

Sounds good. Is that an option on desktop and mobile as well? Do I need addons?

It does not seem available on mobile. On desktop, it is an extension called "Temporary Containers". You may also want the official "Firefox Multi-Account Containers" for managing sites where you want to stay logged in.

Why?

Privacy. By using containers and deleting cookies frequently, you can minimize the amount of tracking and data collecting these scum sucking corpos are doing.

Yeah but what about the other 99% of cookie use cases?

You add an exception to your browser to not delete them for that domain, if you need the cookie for the website to function.

That way your sites keep working, and everyone else putting shit in your browser gets their stuff deleted.

Otherwise cookies might stay on your computer for 9993 years.

I guarantee that they won't stay for that long on my computer.

Edit: nor yours, or anyone else's

Speaking about sketchy and durations...

The certificate for slrpnk.net expired on 5/6/2024.

Error code: SEC_ERROR_EXPIRED_CERTIFICATE

I guess they are not using php.

First time I encountered a Y2038 bug in the wild. And apparently they still did not fix it for some inane reason.

There's a long time to 2038, we can start to find solutions around the years 2026-2037

There isn't any reason for a site to limit the lifetime of most cookies. I have no idea why that field isn't optional.

Get an extension that will erase the cookies that you don't care about, do not abide by everything anybody on the web asks you for. And yeah, get an ad-blocker.

At least here in the EU the ePrivacy directive and to a lesser extent the GDPR generally require that cookies have a limited lifetime depending on their function, to eg. prevent companies just attaching a stable identifier to every random passerby essentially forever. @Sunny@slrpnk.net, if you're feeling particularly mildly infuriated you could email the German Data Protection Authority, there's a good chance the cookie could attract the Eye of Sauron

I'm not annoyed, I'm not using this VPN service, only doing research. However, I would appreciate it if you could link me to what you refer to with GDPR and ePrivacy setting a limited cookie lifetime!

Sure! This page has some general info: https://gdpr.eu/cookies/

The directive itself is kind of involved because it goes pretty deep into what its aim is and eg. what sort of information can be considered an identifier, and it's actually quite well argued and worth a read if that sort of thing is your, er, thing: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32002L0058 (you need to scroll aaalll the way down to be able to show the body text). I had to deal with this stuff professionally when I was a CTO for a company with some stricter than average privacy requirements due to the field, and I was pleasantly surprised to find out how much sense ePrivacy and GDPR actually make.

Yes, but the company shown in OP's image is a cookie of a German company. Otto de is like a German Amazon. And it is a GmbH so it's probably registered in Germany.

"I have no idea why that field isn't optional."

It is. But leaving it off means that the cookie will be removed when the browser is shut down.
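An added example, not part of the thread: a small audit of `Set-Cookie` headers that separates session cookies (no `Expires` or `Max-Age`) from persistent ones and flags lifetimes like the 9993 years in the post. The sample headers are constructed, and the 400-day threshold and the names `cookie_lifetime` and `audit` are assumptions made for this example.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_DAYS = 400  # assumed audit threshold, chosen for this example

def cookie_lifetime(set_cookie, now):
    """Classify one Set-Cookie header value; returns (name, kind, days)."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()

    seconds = None
    if "max-age" in attrs:  # Max-Age takes precedence over Expires (RFC 6265)
        try:
            seconds = int(attrs["max-age"])
        except ValueError:
            seconds = None  # malformed Max-Age is ignored
    if seconds is None and "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError, OverflowError):
            # Malformed date, or a year beyond what datetime can represent
            return name, "unparseable", None
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        seconds = (expires - now).total_seconds()

    if seconds is None:
        return name, "session", None  # dropped when the browser session ends
    days = seconds / 86400
    if days <= 0:
        return name, "expired", days
    return name, ("excessive" if days > MAX_DAYS else "persistent"), days

# Constructed sample headers (not captured from any real site)
SAMPLE = [
    "sid=abc123; Path=/; HttpOnly",
    "prefs=dark; Max-Age=2592000",
    "track=xyz; Max-Age=315139248000; Expires=Thu, 01 Jan 2026 00:00:00 GMT",
    "cart=42; Expires=Thu, 01 Jan 2026 00:00:00 GMT; Secure",
    "far=1; Expires=Wed, 01 Jan 12017 00:00:00 GMT",
]
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # fixed so results are stable

def audit(headers=SAMPLE, now=NOW):
    return [cookie_lifetime(h, now) for h in headers]
```

An `Expires` year past 9999 cannot be represented by Python's `datetime`, so such a cookie is reported as `unparseable` and needs a manual look rather than being silently treated as a session cookie.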

It is just a sketchy online company. You should never buy there.

OTTO is an age-old German mail order company, they started up in 1949. About 16bn yearly revenue. Second largest online retailer overall in Germany after Amazon, larger than Amazon in Europe when it comes to clothing. Which TBH actually surprised me, I thought Zalando had that one nailed down.

They also own their own parcel service (Hermes). Are they sketchy? Yes, I mean they're turbo capitalists so of course they are. More so than amazon, nope.

Wait, they own Hermes? That explains quite a lot...

They were, like Quelle, one of those mail order companies well before Internet and Amazon. They were once even quite acceptable.

They turned to the very worst, though. If you have a problem, then YOU have the problem. Parcel missing? Well, good luck. Goods are damaged? Nope.

GmbH has been shitting up the web for ~20 years now. First tracking cookie I ever blocked.

FYI, GmbH isn't a specific company. GmbH is a German abbreviation, but in English refers to "company with limited liability".

I know, I’m just joking about the way Windows Vista used to name tracking cookies. Rather, how sites named their tracking cookies. Given the replies, I take it no one else found it as funny as I used to.