Remember to use ad blockers and DNS filters ladies and gentlemen!
Have no idea what Otto[.]de is, nor do I have any plans to find out. But god damn thats a long as time. Its the equivalent of 9993 years if anyone was wondering…
Source; Cookie of a sketchy free VPN that I’m investigating.
Otto.de is a big German online retailer.
Bought a table from them once. Was not a good table.
Bought a table from IKEA once, was not a good table either. You get what you pay for.
I worked for them once. Was not a good experience.
browsers by default wont allow infinite cookies
Which is great, but do you know if that the case for Android apps too? As that is the case in this scenario?
how do you mean so? as in it’s a web app? They have access to persistant storage.
I wasnt thinking clearly… Somehow was thinking they stored cookies outside the browser, then I realised thats not how it works :P Thanks for pointing it out, ill try to find out the default values for cookie-lifetime across browsers next :)
okay:)
If you don’t have your browser set to delete all cookies you haven’t made exceptions for, every time you close it, I don’t know what to tell you. Except… “you should do that”.
I use Firefox temporary containers. So not only are they deleted 5 mins after I close a tab, but different tabs don’t share cookies unless I explicitly allow it or the tabs are opened from one source (e.g. open link in new tab)
Sounds good. Is that an option on desktop and mobile as well? Do I need addons?
It does not seem available on mobile. On desktop, it is an extension called “Temporary Containers”. You may also want the official “Firefox Multi-Account Containers” for managing sites where you want to stay logged in.
Why?
otherwise cookies might stay on your computer for 9993 years.
I guarantee that they won’t stay for that long on my computer.
Edit: nor yours, or anyone else’s
The maximum age is 400 days in Chrome.
Privacy. By using containers and deleting cookies frequently, you can minimize the amount of tracking and data collecting these scum sucking corpos are doing.
Yeah but what about the other 99% of cookie use cases?
You add an exception to your browser to not delete them for that domain, if you need the cookie for the website to function.
That way your sites keep working, and everyone else putting shit in your browser gets their stuff deleted.
Speaking about sketchy and durations…
The certificate for slrpnk.net expired on 5/6/2024.
Error code: SEC_ERROR_EXPIRED_CERTIFICATE
How is that relevant here tho ? Not trying to be rude i just don’t get it .
OP fixed their certificate in the meantime so now I can actually see the image (without jumping through hoops to make firefox ignore the certificate error).
3650000 days looks like a honest mistake, should probably be exactly one year. Which is long, but not an eternity.
Not sure I’m following the issue with slrpnk.net cert, it’s up to date my end. 5/6/2024 hasn’t been yet… so its not expired hah.
I don’t think 3650000 is a typo, that’s four zeros away from being a year. Additionally, many of these cookies have a duration ranging from a few days all the way to 10 years or more.
5/6/2024 hasn’t been yet… so its not expired hah.
The current certificate is valid from Mon, 06 May 2024 07:58:01 GMT to Sun, 04 Aug 2024 07:58:00 GMT, it has been renewed today. Click on the padlock on the address bar and click your way through to see those dates. Renewal was probably automatic, in any case there was enough of a lapse for me to stumble across the error.
I don’t think 3650000 is a typo, that’s four zeros away from being a year.
Then where does the “365” come from? That’s some highly specific digits.
I agree that it is an abnormal at least, it might not be meant to be 3650000, but thats what it says it is… Here is the full list if you want a peek at what I gathered yesterday. The formatting isnt great as it is taking from a spreadsheet.
TCF Vendor / AD Partner Name Longest Cookie Duration (days) Longest Retenion Time by Vendor Exponential Interactive Inc d/b/a VDX.tv 90 397 Roq.ad GmbH 365 365 Index Exchange Inc. 1825 90 Quantcast 3650 395 BeeswaxlO Corporation 395 4320 Sovrn, Inc. 365 180 Adikteev n/a 730 RTB House S.A. 365 565 The UK Trade Desk Ltd 3629 365 admetrics GmbH n/a 365 Nexxen Inc. 180 400 Epsilon 184 3285 Yahoo EMEA Limited 750 400 ADventori SAS 90 400 TripleLift, Inc. 90 52 Xandr, Inc. 90 180 NEORY GmbH 90 90 Nexxen Group LLC 365 400 NEURAL.ONE 365 90 ADITION (Virtual Minds GmbH) 365 90 Active Agent (Virtual Minds GmbH) 365 90 Taboola Europe Limited 366 396 Equativ 396 40 Adform A/S 3650 60 Magnite, Inc. 1825 28 RATEGAIN ADARA INC 730 730 Sift Media, Inc n/a 1 Rakuten Marketing LLC 730 2555 Lumen Research Limited n/a n/a Amazon Ad Server 396 396 Openx 365 90 Yieldlab (Virtual Minds GmbH) 365 30 Roku Advertising Services 396 540 Nano Interactive Group Ltd. n/a 730 Simplifi Holdings LLC 366 4320 PubMatic, Inc 1800 40 Comscore B.V. 720 90 Flashtalking 730 730 PulsePoint, Inc. 365 366 Smaato, Inc. 21 14 Semasio GmbH 366 180 Crimtan Holdings Limited 365 1095 Genius Sports UK Limited 365 365 Criteo SA 390 390 Adloox SA n/a 396 Blis Global Limited 400 400 Lotame Solutions, Inc 274 396 LiveRamp 3653 365 GroupM UK Limited 395 2 LoopMe Limited 90 396 Dynata LLC 365 730 Ask Locala n/a 45 Azira n/a 365 DoubleVerify Inc. n/a 31 BIDSWITCH GmbH 365 365 IPONWEB GmbH 365 365
I guess they are not using php.
First time I encountered a Y2038 bug in the wild. And apparently they still did not fix it for some inane reason.
There’s a long time to 2038, we can start to find solutions around the years 2026-2037
There isn’t any reason for a site to limit the lifetime of most cookies. I have no idea why that field isn’t optional.
Get an extension that will erase the cookies that you don’t care about, do not abide by everything anybody on the web asks you for. And yeah, get an ad-blocker.
At least here in the EU the ePrivacy directive and to a lesser extent the GDPR generally require that cookies have a limited lifetime depending on their function, to eg. prevent companies just attaching a stable identifier to every random passerby essentially forever. @[email protected], if you’re feeling particularly mildly infuriated you could email the German Data Protection Authority, there’s a good chance the cookie could attract the Eye of Sauron
I’m not annoyed, I’m not using this VPN service, only doing research. However, I would appreciate it if you could link me to what you refer to with GDPR and ePrivacy setting a limited cookie lifetime!
Sure! This page has some general info: https://gdpr.eu/cookies/
The directive itself is kind of involved because it goes pretty deep into what its aim is and eg. what sort of information can be considers an identifier, and it’s actually quite well argued and worth a read if that sort of thing is your, er, thing: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32002L0058 (you need to scoll aaalll the way down to be able to show the body text). I had to deal with this stuff professionally when I was a CTO for a company with some stricter than average privacy requirements due to the field, and I was pleasantly surprised to find out how much sense ePrivacy and GDPR actually make
Ayy thanks a lot for that, much appreciated! Have a great day 🌻
Jes but the company showed in OPs Image is a cookie of a German company. Otto de is like a German Amazon. And it is a GmbH so it’s probably registered in Germany.
Which is why I said to contact the German DPA
I have no idea why that field isn’t optional.
It is. But leaving it off means that the cookie will be removed when the browser is shut down.
It is just a sketchy online company. You shootouts never buy there.
OTTO is an age-old German mail order company, they started up in 1949. About 16bn yearly revenue. Second largest online retailer overall in Germany after amazon, larger than amazon in Europe when it comes to clothing. Which TBH actually surprised me I thought zalando had that one nailed down.
They also own their own parcel service (Hermes). Are they sketchy? Yes, I mean they’re turbo capitalists so of course they are. More so than amazon, nope.
They were, like Quelle, one of those mail order companies well before Internet and Amazon. They were once even quite acceptable.
They turned to the very worst, though. If you have a problem, then YOU have the problem. Parcel missing? Well, good luck. Goods are damaged? Nope.
Wait, they own Hermes? That explains quite a lot…
GmbH has been shitting up the web for ~20 years now. First tracking cookie I ever blocked.
…you do know what GmbH stands for, right?
It’s like LLC or Corp.
Hmm… the username. They know.
I’ll take that information to the atm machine.
FYI, GmbH isnt a specific company. GmbH is a German abbreviation, but in English refers to “company with limited liability”.
I know, I’m just joking about the way windows vista used to name tracking cookies. Rather, how sites named their tracking cookies. Given the replies, I take it no one else found it as funny as I used to.
Thanks for the context, I wasn’t aware, that’s pretty funny!
Also wasnt aware of this context, too young i guess :P
Frrr, boycott GmbH 🔥🔥