Google sets cookies in private mode
I have set Firefox to always load in Private mode through about:config and through the Privacy settings panel. Despite this, I see an NID cookie from google every time I open a window. Even when I do a clean exit and start afresh, the cookie is there. I can use a cookie manager to delete the cookie but it always reappears. I even have google blocked in the cookie exception setting and don't use google as my default search provider.
I'm on a Mac running FF 46.0.1.
I thought Private mode was not supposed to do this.
Chosen solution
Ok. Although I don't fully understand why it is implementing Safe Browsing when it is disabled, I will adjust my browsing accordingly. Thanks for the quick feedback.
Read this answer in context 👍 5All Replies (6)
Some Google cookies are used for the safe browsing component (phishing protection) and you can't remove these special cookies permanently.
According to Google's own pages: https://www.google.com/policies/technologies/types/
"Google uses cookies like NID and SID to help customize ads on Google properties, like Google Search. For example, we use such cookies to remember your most recent searches, your previous interactions with an advertiser’s ads or search results, and your visits to an advertiser’s website. This helps us to show you customized ads on Google."
This doesn't seem like safe browsing.
as cor-el has mentioned this is most likely a sandboxed google cookie from the connection to retrieve the safebrowsing list from their server. you can test it by disabling the blocking of reported attack sites and web forgeries in the firefox menu ≡ > options > security panel...
I tried disabling the two settings and the cookie comes back. I can delete it with a cookie manager and it is restored within a minute or two.
Here are the HTTP response headers from one of the safebrowsing-update requests that include a request to create a NID cookie as seen with the Live Http Headers extension.
https://safebrowsing.google.com/safebrowsing/downloads?client=navclient-auto-ffox&appver=47.0.1&pver=2.2&key=xxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxx_xxxxxx HTTP/2.0 200 OK Content-Type: application/vnd.google.safebrowsing-update p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/answer/151657?hl=en for more info." x-content-type-options: nosniff Server: HTTP server (unknown) Content-Length: 737 X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Set-Cookie: NID=82=xxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx; expires=Sun, 15-Jan-2017 22:58:08 GMT; path=/; domain=.google.com; HttpOnly Alternate-Protocol: 443:quic Alt-Svc: quic=":443"; ma=2592000; v="36,35,34,33,32,31,30,29,28,27,26,25" Expires: Sat, 16 Jul 2016 22:58:08 GMT Cache-Control: private X-Firefox-Spdy: h2
Chosen Solution
Ok. Although I don't fully understand why it is implementing Safe Browsing when it is disabled, I will adjust my browsing accordingly. Thanks for the quick feedback.