MST wrote:Mele20 wrote:Iron does not pass cookie forensics at GRC.com (context problems with third party cookies being set even when blocked). That is the older versions do not pass. This new version, I shudder to think how it would perform. I like Iron but Google is intent on stripping users of ALL privacy and I am not going to upgrade Iron after reading this thread nor will I continue to use the version I have. Opera, Fx both respect my privacy much better and they pass cookie forensics tests at GRC.com. IE, of course, doesn't pass as how you set it for cookies is irrelevant as it ignores your settings in all versions.
There is also the SSL problem with Iron. I cannot force Iron to disallow the weak ciphers like I can with Opera. Of course, I assume this is a Chrome problem not an Iron one. Google hates any sort of privacy or security for users and Iron can't fix all the Google privacy/security problems in Chrome with its Iron offering. So, I am better off security, and privacy wise, with Opera and Firefox although they also have to watched very carefully as they too will cause immense security and privacy problems if not very carefully configured.
After setting IRON to block 3d party cookies,you need to restart browser.I passed the test.
Yes, it passes the main test. It does NOT pass Cross Context cookie test at GRC.
"The three third-party session cookies shown above as “context” (purple) were originally received by your browser from a first-party server, but they are now being returned to our third-party server. This is the result of poor web browser privacy design which blocks incoming but not outgoing cookie exchanges. In practice this is used against you by causing your browser to follow a link to a third-party tracking site. But because your browser is briefly there in a first-party context — visiting the site directly — the site can plant a first-party session cookie in your browser, which your browser's settings are currently configured to allow (as is common and usually safe). But then, when visiting other sites, your browser continues to offer that cookie to third-party advertising and profiling servers, allowing your location and movement to be tracked across the Internet . . . even though you configured your browser to block such third-party tracking and profiling. Some browsers can be configured to “leash” cookies to prevent this “cross-context” leakage — which you should definitely explore. Either doing that, or changing browsers, is your only recourse. Either way, not blocking outbound cookies, as this browser is doing, is obviously very poor privacy design."
It also fails the same test using permanent cookies. The three it fails on are page, css, and script. Other browsers used to fail on some of these but Opera does not fail on any now. It is not surprising that Iron would fail as Google is not about to allow users any privacy and Iron can't all the privacy leaks in Chrome.