tldr: Author is referring to the ability to enable the "ask me every time a site wants to set a cookie" prompt (<i>a la</i> Firefox). Looks like this has been disabled in the latest Chrome nightly. FUD, etc.<p>However: In general, cookie controls are still <i>entirely there</i>, so I'm positive that specific feature is what they're referring to. I use an extensive cookie domain blocklist and that's all there and functional. (I've never used said "ask me every time" feature in Chrome, but I went through a phase of using that on Firefox.)<p>-----<p>UPDATE:<p>Found the relevant checkin: <a href="https://code.google.com/p/chromium/issues/detail?id=51375" rel="nofollow">https://code.google.com/p/chromium/issues/detail?id=51375</a><p>Looks like the previous behavior can be re-enabled via the "--enable-cookie-prompt" command line argument.<p>Perhaps support for re-enabling that by default should go in that bug (or a new one that references it)?
Title here and there are a bit misleading. My hope is Lauren has simply missed the cookie icon, in his location bar.<p>Running 7.0.536.2 (dev), in the cookie settings, I can set Chrome to "Block sites from setting any data." Now, upon browsing to a site attempting to set, in the URL (location) bar is a cookie with an "X" overlaid -- similar in style to the padlock with an "X" when an HTTPS URI is using an unsigned SSL cert. Clicking on the cookie presents me with the list of "cookies and other site data." Each can be selected and "Allowed" or "Allowed for session only."<p>The claim that one needs to allow "willy-nilly" or only having the option of "manually entering cookie exceptions into tables," these are just hand-waving. I'm not sure what more is needed; I certainly don't want popups for every cookie without my taking action.
Relatedly:<p><i>Ultimately, the problem is that blocking third-party cookies doesn't really buy you much (if any) privacy from folks who are motivated to track you. On the other hand, blocking third-party cookies does break some real use cases about federated identity and web sites that span more than one host name.<p>We decided to keep the option because it make some of our users happy, but we decided not to make it the default because we don't think the trade-off is advantageous for the majority of users.<p>If you'd like more information about this topic, you might be interested in reading this paper:<p><a href="http://crypto.stanford.edu/safecache/sameorigin.pdf" rel="nofollow">http://crypto.stanford.edu/safecache/sameorigin.pdf</a>
</i><p>From <a href="http://code.google.com/p/chromium/issues/detail?id=51031" rel="nofollow">http://code.google.com/p/chromium/issues/detail?id=51031</a>
The author says google is pushing out new versions of the browser automatically now. I was pretty sure I didn't enable the automatic updating feature but when I checked "About Chrome", I was informed that the browser had been updated. Seems to be no way to disable this either. Am I missing something?
Addendum -- I was unable to see any change from adding the specified command line argument, at least with 7.0.517.24<p>Any contradictory reports? Thanks.
Summary: "I noticed a bug in the latest Beta version of Chrome. I know Beta versions are 100% stable and never have bugs, though, so I assume this is some conspiracy by Google to ruin my life or something. Two more pages of whining about this."<p>I wish everyone contributed to open source projects, so they would know when to blog and when to file a bug report.
Hi all. The original blog post on this topic is mine.<p>Let's assume you're a very "privacy conscious" person who only accepts cookies for sites where you feel they are necessary -- say ones where you're going to login, or you really want to read articles there and you can't without the cookies, or whatever. Under Firefox (and Chrome under the old modality) your cookie setting choice was "Block but notify on new cookies."<p>Under the old model, when you first tried to access that site, create an account, login, register, etc., you'd get the initial pop-ups that you needed to respond to, that made it very clear that there were cookies involved now <i>that you might want to accept</i>. This is in fact a modal decision, because not accepting those cookies at that point will have consequences (like registration sequences that keep repeating, login prompts that won't accept your input, and so on).<p>Now the new model. As you browse the Web the little cookie icon is constantly popping up in the bar. Sometimes it shows clear and sometimes it shows blocked -- but after a while you're just going to ignore it as you go flying from page to page. There's nothing in that icon to alert the user that they've reached an important decision point about an initial cookie from a site. Even if they think to click that icon at the right moment on a new site, they have
to do more clicking to dig down into the cookie management system to accept it if they wish to.<p>Old model: You're on a page where you want to login. You get a pop-up that there's a cookie. One click on Yes. Finished. Easy to do, and impossible to miss that there's a key decision point.<p>You really do want people to make a go/no-go decision on initial cookies from sites, and not create a situation where they can easily go winging by those initial cookies and have them fall into a default blocked state -- since the consequences of doing this are a mess and require going in and deleting cookie blocks manually.<p>It's really initial presentation of first cookies on a new site (when the user is defaulting to blocking cookies) that is the major concern. In that situation, the user <i>should</i> be presented with a modal choice so that they cannot easily miss the fact that they are at an important "exception" decision point -- that is, accepting a cookie when their
default is not to accept all cookies.<p>And remember, by not choosing the simpler "accept all cookies" option, the user has already demonstrated that they have concerns in this area, and are likely to be very accepting of UI sequences that make it easier for them to function within that choice with a minimum of confusion or
risk of not noticing new initial cookie decisions for a site.<p>Sorry about any formatting nasties in this response -- I copied most of it in from a text-based e-mail.<p>Thanks.<p>--Lauren--
lauren@vortex.com
<a href="http://lauren.vortex.com" rel="nofollow">http://lauren.vortex.com</a>
I'm starting to get the impression that Chrome is the browser for inept people, and that if you want good control over the browser behaviour, it's not a good choice. Chrome's responsiveness to public feedback is similar to Google's responsiveness, i.e. not responsive at all, and tends to authoritarianism.<p>My worry is that Firefox may take too much of a lead from it, and similarly start removing features.