This thread was archived. Please ask a new question if you need help.
Google sets cookies in private mode
I have set Firefox to always load in Private mode through about:config and through the Privacy settings panel. Despite this, I see an NID cookie from google every time I open a window. Even when I do a clean exit and start afresh, the cookie is there. I can use a cookie manager to delete the cookie but it always reappears. I even have google blocked in the cookie exception setting and don't use google as my default search provider.
I'm on a Mac running FF 46.0.1.
I thought Private mode was not supposed to do this.
Ok. Although I don't fully understand why it is implementing Safe Browsing when it is disabled, I will adjust my browsing accordingly. Thanks for the quick feedback.Read this answer in context 👍 5
All Replies (6)
Some Google cookies are used for the safe browsing component (phishing protection) and you can't remove these special cookies permanently.
According to Google's own pages: https://www.google.com/policies/technologies/types/
This doesn't seem like safe browsing.
as cor-el has mentioned this is most likely a sandboxed google cookie from the connection to retrieve the safebrowsing list from their server. you can test it by disabling the blocking of reported attack sites and web forgeries in the firefox menu ≡ > options > security panel...
I tried disabling the two settings and the cookie comes back. I can delete it with a cookie manager and it is restored within a minute or two.
Here are the HTTP response headers from one of the safebrowsing-update requests that include a request to create a NID cookie as seen with the Live Http Headers extension.
https://safebrowsing.google.com/safebrowsing/downloads?client=navclient-auto-ffox&appver=47.0.1&pver=2.2&key=xxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxx_xxxxxx HTTP/2.0 200 OK Content-Type: application/vnd.google.safebrowsing-update p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/answer/151657?hl=en for more info." x-content-type-options: nosniff Server: HTTP server (unknown) Content-Length: 737 X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Set-Cookie: NID=82=xxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; expires=Sun, 15-Jan-2017 22:58:08 GMT; path=/; domain=.google.com; HttpOnly Alternate-Protocol: 443:quic Alt-Svc: quic=":443"; ma=2592000; v="36,35,34,33,32,31,30,29,28,27,26,25" Expires: Sat, 16 Jul 2016 22:58:08 GMT Cache-Control: private X-Firefox-Spdy: h2
Ok. Although I don't fully understand why it is implementing Safe Browsing when it is disabled, I will adjust my browsing accordingly. Thanks for the quick feedback.