Remember to use ad blockers and DNS filters ladies and gentlemen!
Have no idea what Otto[.]de is, nor do I have any plans to find out. But god damn thats a long as time. Its the equivalent of 9993 years if anyone was wondering...
Source; Cookie of a sketchy free VPN that I'm investigating.
Otto.de is a big German online retailer.
Bought a table from them once. Was not a good table.
Bought a table from IKEA once, was not a good table either. You get what you pay for.
I worked for them once. Was not a good experience.
browsers by default wont allow infinite cookies
Which is great, but do you know if that the case for Android apps too? As that is the case in this scenario?
how do you mean so? as in it's a web app? They have access to persistant storage.
I wasnt thinking clearly... Somehow was thinking they stored cookies outside the browser, then I realised thats not how it works :P Thanks for pointing it out, ill try to find out the default values for cookie-lifetime across browsers next :)
okay:)
If you don't have your browser set to delete all cookies you haven't made exceptions for, every time you close it, I don't know what to tell you. Except... "you should do that".
I use Firefox temporary containers. So not only are they deleted 5 mins after I close a tab, but different tabs don't share cookies unless I explicitly allow it or the tabs are opened from one source (e.g. open link in new tab)
Sounds good. Is that an option on desktop and mobile as well? Do I need addons?
It does not seem available on mobile. On desktop, it is an extension called "Temporary Containers". You may also want the official "Firefox Multi-Account Containers" for managing sites where you want to stay logged in.
Why?
otherwise cookies might stay on your computer for 9993 years.
I guarantee that they won't stay for that long on my computer.
Edit: nor yours, or anyone else's
The maximum age is 400 days in Chrome.
Privacy. By using containers and deleting cookies frequently, you can minimize the amount of tracking and data collecting these scum sucking corpos are doing.
Yeah but what about the other 99% of cookie use cases?
You add an exception to your browser to not delete them for that domain, if you need the cookie for the website to function.
That way your sites keep working, and everyone else putting shit in your browser gets their stuff deleted.
Speaking about sketchy and durations...
The certificate for slrpnk.net expired on 5/6/2024.
Error code: SEC_ERROR_EXPIRED_CERTIFICATE
How is that relevant here tho ? Not trying to be rude i just don't get it .
OP fixed their certificate in the meantime so now I can actually see the image (without jumping through hoops to make firefox ignore the certificate error).
3650000 days looks like a honest mistake, should probably be exactly one year. Which is long, but not an eternity.
Not sure I'm following the issue with slrpnk.net cert, it's up to date my end. 5/6/2024 hasn't been yet... so its not expired hah.
I don't think 3650000 is a typo, that's four zeros away from being a year. Additionally, many of these cookies have a duration ranging from a few days all the way to 10 years or more.
5/6/2024 hasn’t been yet… so its not expired hah.
The current certificate is valid from Mon, 06 May 2024 07:58:01 GMT to Sun, 04 Aug 2024 07:58:00 GMT, it has been renewed today. Click on the padlock on the address bar and click your way through to see those dates. Renewal was probably automatic, in any case there was enough of a lapse for me to stumble across the error.
I don’t think 3650000 is a typo, that’s four zeros away from being a year.
Then where does the "365" come from? That's some highly specific digits.
I agree that it is an abnormal at least, it might not be meant to be 3650000, but thats what it says it is... Here is the full list if you want a peek at what I gathered yesterday. The formatting isnt great as it is taking from a spreadsheet.
| TCF Vendor / AD Partner Name | Longest Cookie Duration (days) | Longest Retenion Time by Vendor |
|---|---|---|
| Exponential Interactive Inc d/b/a VDX.tv | 90 | 397 |
| Roq.ad GmbH | 365 | 365 |
| Index Exchange Inc. | 1825 | 90 |
| Quantcast | 3650 | 395 |
| BeeswaxlO Corporation | 395 | 4320 |
| Sovrn, Inc. | 365 | 180 |
| Adikteev | n/a | 730 |
| RTB House S.A. | 365 | 565 |
| The UK Trade Desk Ltd | 3629 | 365 |
| admetrics GmbH | n/a | 365 |
| Nexxen Inc. | 180 | 400 |
| Epsilon | 184 | 3285 |
| Yahoo EMEA Limited | 750 | 400 |
| ADventori SAS | 90 | 400 |
| TripleLift, Inc. | 90 | 52 |
| Xandr, Inc. | 90 | 180 |
| NEORY GmbH | 90 | 90 |
| Nexxen Group LLC | 365 | 400 |
| NEURAL.ONE | 365 | 90 |
| ADITION (Virtual Minds GmbH) | 365 | 90 |
| Active Agent (Virtual Minds GmbH) | 365 | 90 |
| Taboola Europe Limited | 366 | 396 |
| Equativ | 396 | 40 |
| Adform A/S | 3650 | 60 |
| Magnite, Inc. | 1825 | 28 |
| RATEGAIN ADARA INC | 730 | 730 |
| Sift Media, Inc | n/a | 1 |
| Rakuten Marketing LLC | 730 | 2555 |
| Lumen Research Limited | n/a | n/a |
| Amazon Ad Server | 396 | 396 |
| Openx | 365 | 90 |
| Yieldlab (Virtual Minds GmbH) | 365 | 30 |
| Roku Advertising Services | 396 | 540 |
| Nano Interactive Group Ltd. | n/a | 730 |
| Simplifi Holdings LLC | 366 | 4320 |
| PubMatic, Inc | 1800 | 40 |
| Comscore B.V. | 720 | 90 |
| Flashtalking | 730 | 730 |
| PulsePoint, Inc. | 365 | 366 |
| Smaato, Inc. | 21 | 14 |
| Semasio GmbH | 366 | 180 |
| Crimtan Holdings Limited | 365 | 1095 |
| Genius Sports UK Limited | 365 | 365 |
| Criteo SA | 390 | 390 |
| Adloox SA | n/a | 396 |
| Blis Global Limited | 400 | 400 |
| Lotame Solutions, Inc | 274 | 396 |
| LiveRamp | 3653 | 365 |
| GroupM UK Limited | 395 | 2 |
| LoopMe Limited | 90 | 396 |
| Dynata LLC | 365 | 730 |
| Ask Locala | n/a | 45 |
| Azira | n/a | 365 |
| DoubleVerify Inc. | n/a | 31 |
| BIDSWITCH GmbH | 365 | 365 |
| IPONWEB GmbH | 365 | 365 |
It continues;
| TCF Vendor / AD Partner Name | Longest Cookie Duration (days) | Longest Retenion Time by Vendor |
|---|---|---|
| NextRoll, Inc. | 183 | 365 |
| Teads France SAS | 365 | 120 |
| Stréer SSP GmbH (SSP) | 365 | 730 |
| OS Data Solutions GmbH & Co. KG | 90 | 730 |
| Permodo GmbH | n/a | 90 |
| Platform161 B.V. | 396 | 390 |
| Adacado Technologies Inc. (DBA Adacado) | 365 | 395 |
| Basis Global Technologies, Inc. | 365 | 540 |
| SMADEX, S.L.U. | 365 | 365 |
| Bombora Inc. | 365 | 730 |
| EASYmedia GmbH | 365 | 365 |
| Remerge GmbH | n/a | 365 |
| advanced store GmbH | 365 | 60 |
| Magnite CTY, Inc. | 366 | 28 |
| Delta Projects AB | 360 | 547 |
| usemax advertisement (Emego GmbH) | 365 | 90 |
| emetriq GmbH | 1825 | 180 |
| Publicis Media GmbH | 1825 | 730 |
| M.D. Primis Technologies Ltd. | 25 | 30 |
| OneTag Limited | 730 | 548 |
| Cloud Technologies S.A. | 365 | 365 |
| Smartology Limited | n/a | 30 |
| Improve Digital | 90 | 90 |
| Adobe Advertising Cloud | 730 | 760 |
| Bannerflow AB | 366 | 30 |
| TabMo SAS | n/a | 60 |
| Integral Ad Science (incorporating ADmantx) | n/a | 30 |
| Wizaly | 365 | 1095 |
| Weborama | 393 | 395 |
| Jivox Corporation | 365 | 30 |
| Sage+Archer BV | n/a | n/a |
| On Device Research Limited | 30 | 90 |
| Rockabox Media Ltd | n/a | 3 |
| Exactag GmbH | 1825 | 210 |
| Celtra Inc. | 90 | 365 |
| mainADV Srl | 30 | 90 |
| Gemius SA | 1825 | 1827 |
| The Kantar Group Limited | 914 | 4320 |
| Nielsen Media Research Ltd. | 3650 | 45 |
| Solocal SA | 403 | 4320 |
| Pixalate, Inc. | 728 | 61 |
| Oracle Advertising | 180 | 30 |
| Numberly | 180 | 183 |
| AudienceProject A/S | 365 | 1826 |
| Demandbase, Inc. | 730 | 390 |
| Effiliation / Effinity | 30 | 30 |
| Arrivalist Co. | 365 | 2555 |
| Seenthis AB | n/a | n/a |
| Commanders Act | 365 | 730 |
| travel audience GmbH | 397 | 397 |
| HUMAN | n/a | 1095 |
| Adludio Ltd. | n/a | 30 |
| Blendee srl | 366 | 180 |
| Innovid LLC | 90 | 365 |
| Papirfly AS | n/a | 4320 |
| Neustar, Inc., a TransUnion company | 365 | 540 |
| Verve Group Europe GmbH | n/a | 4320 |
| Otto (GmbH & Co KG) | 3650000 | 731 |
| Adobe Audience Manager, Adobe Experience Platform | 180 | n/a |
| Localsensor B.V. | n/a | 31 |
| Online Solution | 365 | 30 |
| Relay42 Netherlands B.V. | 730 | 1096 |
| GP One GmbH | 300 | 90 |
| The MediaGrid Inc. | 365 | 365 |
| MindTake Research GmbH | n/a | 180 |
| Cint AB | 730 | 366 |
| Google Advertising Products | 396 | 548 |
| GfK GmbH | 730 | 720 |
It still continues;
| TCF Vendor / AD Partner Name | Longest Cookie Duration (days) | Longest Retenion Time by Vendor |
|---|---|---|
| GfK GmbH | 730 | 720 |
| Revjet | 730 | 90 |
| Protected Media LTD | n/a | 365 |
| Clinch Labs LTD | 730 | 730 |
| Oracle Data Cloud - Moat | n/a | 365 |
| Hearts and Science Munchen GmbH | 60 | 45 |
| Amazon Advertising | 396 | 395 |
| Moloco, Inc. | 730 | 730 |
| Adtriba GmbH | 730 | 730 |
| Objective Partners BV | 90 | 120 |
| Ensighten | 1825 | 1095 |
| eBay Inc | 90 | 1095 |
| Hurra Communications GmbH | 366 | 396 |
I probably should have linked a spreadsheet or sumthin instead 😅
Please Lemmy know if you do 🐭
I guess they are not using php.
First time I encountered a Y2038 bug in the wild. And apparently they still did not fix it for some inane reason.
There's a long time to 2038, we can start to find solutions around the years 2026-2037
There isn't any reason for a site to limit the lifetime of most cookies. I have no idea why that field isn't optional.
Get an extension that will erase the cookies that you don't care about, do not abide by everything anybody on the web asks you for. And yeah, get an ad-blocker.
At least here in the EU the ePrivacy directive and to a lesser extent the GDPR generally require that cookies have a limited lifetime depending on their function, to eg. prevent companies just attaching a stable identifier to every random passerby essentially forever. @Sunny@slrpnk.net, if you're feeling particularly mildly infuriated you could email the German Data Protection Authority, there's a good chance the cookie could attract the Eye of Sauron
I'm not annoyed, I'm not using this VPN service, only doing research. However, I would appreciate it if you could link me to what you refer to with GDPR and ePrivacy setting a limited cookie lifetime!
Sure! This page has some general info: https://gdpr.eu/cookies/
The directive itself is kind of involved because it goes pretty deep into what its aim is and eg. what sort of information can be considers an identifier, and it's actually quite well argued and worth a read if that sort of thing is your, er, thing: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32002L0058 (you need to scoll aaalll the way down to be able to show the body text). I had to deal with this stuff professionally when I was a CTO for a company with some stricter than average privacy requirements due to the field, and I was pleasantly surprised to find out how much sense ePrivacy and GDPR actually make
Ayy thanks a lot for that, much appreciated! Have a great day 🌻
Jes but the company showed in OPs Image is a cookie of a German company. Otto de is like a German Amazon. And it is a GmbH so it's probably registered in Germany.
Which is why I said to contact the German DPA
I have no idea why that field isn't optional.
It is. But leaving it off means that the cookie will be removed when the browser is shut down.
Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that.
I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!
It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.
Rules:
1. Be Respectful
Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.
Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.
...
2. No Illegal Content
Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.
That means: -No promoting violence/threats against any individuals
-No CSA content or Revenge Porn
-No sharing private/personal information (Doxxing)
...
3. No Spam
Posting the same post, no matter the intent is against the rules.
-If you have posted content, please refrain from re-posting said content within this community.
-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.
-No posting Scams/Advertisements/Phishing Links/IP Grabbers
-No Bots, Bots will be banned from the community.
...
4. No Porn/Explicit
Content
-Do not post explicit content. Lemmy.World is not the instance for NSFW content.
-Do not post Gore or Shock Content.
...
5. No Enciting Harassment,
Brigading, Doxxing or Witch Hunts
-Do not Brigade other Communities
-No calls to action against other communities/users within Lemmy or outside of Lemmy.
-No Witch Hunts against users/communities.
-No content that harasses members within or outside of the community.
...
6. NSFW should be behind NSFW tags.
-Content that is NSFW should be behind NSFW tags.
-Content that might be distressing should be kept behind NSFW tags.
...
7. Content should match the theme of this community.
-Content should be Mildly infuriating.
-At this time we permit content that is infuriating until an infuriating community is made available.
...
8. Reposting of Reddit content is permitted, try to credit the OC.
-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.
...
...
Also check out:
Partnered Communities:
Reach out to LillianVS for inclusion on the sidebar.
All communities included on the sidebar are to be made in compliance with the instance rules.