[Webkit-unassigned] [Bug 216922] ITP breaks login to bookmarklets

Wed Sep 30 05:59:12 PDT 2020

https://bugs.webkit.org/show_bug.cgi?id=216922

--- Comment #2 from jena <cicas at seznam.cz> ---
Thank you for your reply.

On the website of Safari [1] there is a picture under the headline "Defending your online privacy and security", which shows Safari asking about allowing 3rd-party cookies on a shown website (a travel blog with Facebook comment section).

I assume if one allows these cookies, they are placed on some list, under a domain. Or does it work differently? Could this list be used when logging to bookmarklets?

We are talking about a scenario where I can login to a service (Diigo, Mendeley, Facebook, Disqus, ...) on the service website and than be able to use the service on other websites (e.g. as a comment section form or a bookmarklet toolbar). I understand it allows for tracking, but this is why it should be given as a choice to the user of that particular service, as seen in the picture linked above. Blocking everything leads to disappointed users I'm affraid. And I do not see a fundamental technological difference between cookies from Facebook/Disqus comments on a blog and cookies from a bookmarklet. However there is a difference in threat - bookmarklets (saved locally in the browser btw) are invoked by user action, which is not the case for website elements like comment forms. In my view, they pose lower threat to user's privacy than other common parts of the modern web.

One more detail - when I use Diigolet in Firefox, the login doesn't open in new tab, but rather as a dialog tied to the same page. Could this be used as another/alternative solution in webkit?

[1] https://www.apple.com/safari/

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200930/9459cbeb/attachment.htm>