Opened 6 years ago

Last modified 5 weeks ago

#3546 assigned defect

Disabling Third party cookies breaks some REcaptcha-using sites

Reported by: mikeperry Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-usability-website
Cc: g.koppen@…, michael Actual Points:
Parent ID: Points: 4
Reviewer: Sponsor:

Description

We've had several anecdotal reports that our TBB default of disabling 3rd party cookies breaks REcaptcha on some sites.

It turns out there is a way to do REcaptcha without 3rd party cookies, but it is not the default mode. For example, drupal pre-6.x uses the 3rd-party cookie mechanism: http://drupal.org/node/1168740

So, do we give up? Do we enable third party cookies? I think so, but perhaps we can convince Mozilla to update the patch for #3246 for us first, so we can try it out.

If nothing happens on the Mozilla front, we should re-enable 3rd party cookies completely for TBB 2.2.x-stable and just rely on #523.

Child Tickets

TicketStatusOwnerSummaryComponent
#3676closedmikeperryTest Priv3 w/ Recaptcha + DisQusApplications/Tor bundles/installation

Change History (11)

comment:1 Changed 6 years ago by mikeperry

We may be able to hack http://priv3.icsi.berkeley.edu/ to allow recaptcha to work.. We still need a test site though..

comment:2 Changed 6 years ago by mikeperry

Owner: changed from erinn to mikeperry
Points: 4
Status: newassigned

comment:3 Changed 6 years ago by mikeperry

The DisQus commenting system also requires 3rd party cookies. Perhaps we can also craft a priv3 policy for it?

Example link (and interesting reading, esp the comments): http://www.docpop.org/2011/07/trapped-in-the-googlehole/

comment:4 Changed 6 years ago by mikeperry

Type: defectenhancement

comment:5 Changed 6 years ago by mikeperry

Priority: majornormal

comment:6 Changed 6 years ago by gk

Cc: g.koppen@… added

comment:7 in reply to:  description Changed 5 years ago by arma

Replying to mikeperry:

If nothing happens on the Mozilla front, we should re-enable 3rd party cookies completely for TBB 2.2.x-stable and just rely on #523.

Mike, it looks like we didn't go this route?

Or did we, and just not close the ticket?

comment:8 Changed 3 years ago by michael

Cc: michael added

comment:9 Changed 3 years ago by erinn

Keywords: needs-triage added

comment:10 Changed 3 years ago by erinn

Component: Tor bundles/installationTor Browser

comment:11 Changed 5 weeks ago by cypherpunks

Keywords: tbb-usability-website added; needs-triage removed
Milestone: TorBrowserBundle 2.2.x-stable
Owner: changed from mikeperry to tbb-team
Severity: Normal
Type: enhancementdefect
Note: See TracTickets for help on using tickets.