363
submitted 6 months ago* (last edited 6 months ago) by Sunny@slrpnk.net to c/mildlyinfuriating@lemmy.world

Remember to use ad blockers and DNS filters ladies and gentlemen!

Have no idea what Otto[.]de is, nor do I have any plans to find out. But god damn thats a long as time. Its the equivalent of 9993 years if anyone was wondering...

Source; Cookie of a sketchy free VPN that I'm investigating.

top 50 comments
sorted by: hot top controversial new old
[-] manucode@infosec.pub 80 points 6 months ago

Otto.de is a big German online retailer.

[-] FQQD@lemmy.ohaa.xyz 32 points 6 months ago

Bought a table from them once. Was not a good table.

[-] barsoap@lemm.ee 13 points 6 months ago

Bought a table from IKEA once, was not a good table either. You get what you pay for.

[-] mxl@lemm.ee 5 points 6 months ago

I worked for them once. Was not a good experience.

[-] joewilliams007@kbin.melroy.org 39 points 6 months ago

browsers by default wont allow infinite cookies

[-] Sunny@slrpnk.net 14 points 6 months ago

Which is great, but do you know if that the case for Android apps too? As that is the case in this scenario?

[-] joewilliams007@kbin.melroy.org 2 points 6 months ago

how do you mean so? as in it's a web app? They have access to persistant storage.

[-] Sunny@slrpnk.net 5 points 6 months ago

I wasnt thinking clearly... Somehow was thinking they stored cookies outside the browser, then I realised thats not how it works :P Thanks for pointing it out, ill try to find out the default values for cookie-lifetime across browsers next :)

[-] CarbonatedPastaSauce@lemmy.world 30 points 6 months ago

If you don't have your browser set to delete all cookies you haven't made exceptions for, every time you close it, I don't know what to tell you. Except... "you should do that".

[-] DreamlandLividity@lemmy.world 7 points 6 months ago

I use Firefox temporary containers. So not only are they deleted 5 mins after I close a tab, but different tabs don't share cookies unless I explicitly allow it or the tabs are opened from one source (e.g. open link in new tab)

[-] Duke_Nukem_1990@feddit.de 1 points 6 months ago

Sounds good. Is that an option on desktop and mobile as well? Do I need addons?

[-] DreamlandLividity@lemmy.world 3 points 6 months ago

It does not seem available on mobile. On desktop, it is an extension called "Temporary Containers". You may also want the official "Firefox Multi-Account Containers" for managing sites where you want to stay logged in.

[-] Carighan@lemmy.world 6 points 6 months ago
[-] CarbonatedPastaSauce@lemmy.world 3 points 6 months ago

Privacy. By using containers and deleting cookies frequently, you can minimize the amount of tracking and data collecting these scum sucking corpos are doing.

[-] Carighan@lemmy.world 2 points 6 months ago

Yeah but what about the other 99% of cookie use cases?

[-] CarbonatedPastaSauce@lemmy.world 1 points 6 months ago

You add an exception to your browser to not delete them for that domain, if you need the cookie for the website to function.

That way your sites keep working, and everyone else putting shit in your browser gets their stuff deleted.

[-] fuzzy_feeling@programming.dev 3 points 6 months ago

otherwise cookies might stay on your computer for 9993 years.

[-] NeatNit@discuss.tchncs.de 3 points 6 months ago* (last edited 6 months ago)

I guarantee that they won't stay for that long on my computer.

Edit: nor yours, or anyone else's

[-] AProfessional@lemmy.world 1 points 6 months ago

The maximum age is 400 days in Chrome.

[-] barsoap@lemm.ee 25 points 6 months ago* (last edited 6 months ago)

Speaking about sketchy and durations...

The certificate for slrpnk.net expired on 5/6/2024.

Error code: SEC_ERROR_EXPIRED_CERTIFICATE

[-] Legend@lemmy.sdf.org 7 points 6 months ago* (last edited 6 months ago)

How is that relevant here tho ? Not trying to be rude i just don't get it .

[-] barsoap@lemm.ee 12 points 6 months ago

OP fixed their certificate in the meantime so now I can actually see the image (without jumping through hoops to make firefox ignore the certificate error).

3650000 days looks like a honest mistake, should probably be exactly one year. Which is long, but not an eternity.

[-] Sunny@slrpnk.net 8 points 6 months ago* (last edited 6 months ago)

Not sure I'm following the issue with slrpnk.net cert, it's up to date my end. 5/6/2024 hasn't been yet... so its not expired hah.

I don't think 3650000 is a typo, that's four zeros away from being a year. Additionally, many of these cookies have a duration ranging from a few days all the way to 10 years or more.

[-] barsoap@lemm.ee 0 points 6 months ago

5/6/2024 hasn’t been yet… so its not expired hah.

The current certificate is valid from Mon, 06 May 2024 07:58:01 GMT to Sun, 04 Aug 2024 07:58:00 GMT, it has been renewed today. Click on the padlock on the address bar and click your way through to see those dates. Renewal was probably automatic, in any case there was enough of a lapse for me to stumble across the error.

I don’t think 3650000 is a typo, that’s four zeros away from being a year.

Then where does the "365" come from? That's some highly specific digits.

[-] Sunny@slrpnk.net 2 points 6 months ago

I agree that it is an abnormal at least, it might not be meant to be 3650000, but thats what it says it is... Here is the full list if you want a peek at what I gathered yesterday. The formatting isnt great as it is taking from a spreadsheet.

TCF Vendor / AD Partner Name Longest Cookie Duration (days) Longest Retenion Time by Vendor
Exponential Interactive Inc d/b/a VDX.tv 90 397
Roq.ad GmbH 365 365
Index Exchange Inc. 1825 90
Quantcast 3650 395
BeeswaxlO Corporation 395 4320
Sovrn, Inc. 365 180
Adikteev n/a 730
RTB House S.A. 365 565
The UK Trade Desk Ltd 3629 365
admetrics GmbH n/a 365
Nexxen Inc. 180 400
Epsilon 184 3285
Yahoo EMEA Limited 750 400
ADventori SAS 90 400
TripleLift, Inc. 90 52
Xandr, Inc. 90 180
NEORY GmbH 90 90
Nexxen Group LLC 365 400
NEURAL.ONE 365 90
ADITION (Virtual Minds GmbH) 365 90
Active Agent (Virtual Minds GmbH) 365 90
Taboola Europe Limited 366 396
Equativ 396 40
Adform A/S 3650 60
Magnite, Inc. 1825 28
RATEGAIN ADARA INC 730 730
Sift Media, Inc n/a 1
Rakuten Marketing LLC 730 2555
Lumen Research Limited n/a n/a
Amazon Ad Server 396 396
Openx 365 90
Yieldlab (Virtual Minds GmbH) 365 30
Roku Advertising Services 396 540
Nano Interactive Group Ltd. n/a 730
Simplifi Holdings LLC 366 4320
PubMatic, Inc 1800 40
Comscore B.V. 720 90
Flashtalking 730 730
PulsePoint, Inc. 365 366
Smaato, Inc. 21 14
Semasio GmbH 366 180
Crimtan Holdings Limited 365 1095
Genius Sports UK Limited 365 365
Criteo SA 390 390
Adloox SA n/a 396
Blis Global Limited 400 400
Lotame Solutions, Inc 274 396
LiveRamp 3653 365
GroupM UK Limited 395 2
LoopMe Limited 90 396
Dynata LLC 365 730
Ask Locala n/a 45
Azira n/a 365
DoubleVerify Inc. n/a 31
BIDSWITCH GmbH 365 365
IPONWEB GmbH 365 365
[-] Sunny@slrpnk.net 2 points 6 months ago

It continues;

TCF Vendor / AD Partner Name Longest Cookie Duration (days) Longest Retenion Time by Vendor
NextRoll, Inc. 183 365
Teads France SAS 365 120
Stréer SSP GmbH (SSP) 365 730
OS Data Solutions GmbH & Co. KG 90 730
Permodo GmbH n/a 90
Platform161 B.V. 396 390
Adacado Technologies Inc. (DBA Adacado) 365 395
Basis Global Technologies, Inc. 365 540
SMADEX, S.L.U. 365 365
Bombora Inc. 365 730
EASYmedia GmbH 365 365
Remerge GmbH n/a 365
advanced store GmbH 365 60
Magnite CTY, Inc. 366 28
Delta Projects AB 360 547
usemax advertisement (Emego GmbH) 365 90
emetriq GmbH 1825 180
Publicis Media GmbH 1825 730
M.D. Primis Technologies Ltd. 25 30
OneTag Limited 730 548
Cloud Technologies S.A. 365 365
Smartology Limited n/a 30
Improve Digital 90 90
Adobe Advertising Cloud 730 760
Bannerflow AB 366 30
TabMo SAS n/a 60
Integral Ad Science (incorporating ADmantx) n/a 30
Wizaly 365 1095
Weborama 393 395
Jivox Corporation 365 30
Sage+Archer BV n/a n/a
On Device Research Limited 30 90
Rockabox Media Ltd n/a 3
Exactag GmbH 1825 210
Celtra Inc. 90 365
mainADV Srl 30 90
Gemius SA 1825 1827
The Kantar Group Limited 914 4320
Nielsen Media Research Ltd. 3650 45
Solocal SA 403 4320
Pixalate, Inc. 728 61
Oracle Advertising 180 30
Numberly 180 183
AudienceProject A/S 365 1826
Demandbase, Inc. 730 390
Effiliation / Effinity 30 30
Arrivalist Co. 365 2555
Seenthis AB n/a n/a
Commanders Act 365 730
travel audience GmbH 397 397
HUMAN n/a 1095
Adludio Ltd. n/a 30
Blendee srl 366 180
Innovid LLC 90 365
Papirfly AS n/a 4320
Neustar, Inc., a TransUnion company 365 540
Verve Group Europe GmbH n/a 4320
Otto (GmbH & Co KG) 3650000 731
Adobe Audience Manager, Adobe Experience Platform 180 n/a
Localsensor B.V. n/a 31
Online Solution 365 30
Relay42 Netherlands B.V. 730 1096
GP One GmbH 300 90
The MediaGrid Inc. 365 365
MindTake Research GmbH n/a 180
Cint AB 730 366
Google Advertising Products 396 548
GfK GmbH 730 720
[-] Sunny@slrpnk.net 2 points 6 months ago

It still continues;

TCF Vendor / AD Partner Name Longest Cookie Duration (days) Longest Retenion Time by Vendor
GfK GmbH 730 720
Revjet 730 90
Protected Media LTD n/a 365
Clinch Labs LTD 730 730
Oracle Data Cloud - Moat n/a 365
Hearts and Science Munchen GmbH 60 45
Amazon Advertising 396 395
Moloco, Inc. 730 730
Adtriba GmbH 730 730
Objective Partners BV 90 120
Ensighten 1825 1095
eBay Inc 90 1095
Hurra Communications GmbH 366 396
[-] Sunny@slrpnk.net 3 points 6 months ago

I probably should have linked a spreadsheet or sumthin instead 😅

[-] lars@lemmy.sdf.org 1 points 6 months ago

Please Lemmy know if you do 🐭

[-] bjoern_tantau@swg-empire.de 15 points 6 months ago

I guess they are not using php.

First time I encountered a Y2038 bug in the wild. And apparently they still did not fix it for some inane reason.

[-] Moonrise2473@feddit.it 7 points 6 months ago

There's a long time to 2038, we can start to find solutions around the years 2026-2037

[-] marcos@lemmy.world 3 points 6 months ago

There isn't any reason for a site to limit the lifetime of most cookies. I have no idea why that field isn't optional.

Get an extension that will erase the cookies that you don't care about, do not abide by everything anybody on the web asks you for. And yeah, get an ad-blocker.

[-] hydroptic@sopuli.xyz 10 points 6 months ago* (last edited 6 months ago)

At least here in the EU the ePrivacy directive and to a lesser extent the GDPR generally require that cookies have a limited lifetime depending on their function, to eg. prevent companies just attaching a stable identifier to every random passerby essentially forever. @Sunny@slrpnk.net, if you're feeling particularly mildly infuriated you could email the German Data Protection Authority, there's a good chance the cookie could attract the Eye of Sauron

[-] Sunny@slrpnk.net 4 points 6 months ago

I'm not annoyed, I'm not using this VPN service, only doing research. However, I would appreciate it if you could link me to what you refer to with GDPR and ePrivacy setting a limited cookie lifetime!

[-] hydroptic@sopuli.xyz 4 points 6 months ago* (last edited 6 months ago)

Sure! This page has some general info: https://gdpr.eu/cookies/

The directive itself is kind of involved because it goes pretty deep into what its aim is and eg. what sort of information can be considers an identifier, and it's actually quite well argued and worth a read if that sort of thing is your, er, thing: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A32002L0058 (you need to scoll aaalll the way down to be able to show the body text). I had to deal with this stuff professionally when I was a CTO for a company with some stricter than average privacy requirements due to the field, and I was pleasantly surprised to find out how much sense ePrivacy and GDPR actually make

[-] Sunny@slrpnk.net 4 points 6 months ago

Ayy thanks a lot for that, much appreciated! Have a great day 🌻

[-] FMEEE@lemmy.dbzer0.com 1 points 6 months ago

Jes but the company showed in OPs Image is a cookie of a German company. Otto de is like a German Amazon. And it is a GmbH so it's probably registered in Germany.

[-] hydroptic@sopuli.xyz 1 points 6 months ago

Which is why I said to contact the German DPA

[-] bjoern_tantau@swg-empire.de 5 points 6 months ago

I have no idea why that field isn't optional.

It is. But leaving it off means that the cookie will be removed when the browser is shut down.

load more comments
view more: next ›
this post was submitted on 05 May 2024
363 points (95.5% liked)

Mildly Infuriating

35455 readers
17 users here now

Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that.

I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!

It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.


Rules:

1. Be Respectful


Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.

Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.

...


2. No Illegal Content


Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.

That means: -No promoting violence/threats against any individuals

-No CSA content or Revenge Porn

-No sharing private/personal information (Doxxing)

...


3. No Spam


Posting the same post, no matter the intent is against the rules.

-If you have posted content, please refrain from re-posting said content within this community.

-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.

-No posting Scams/Advertisements/Phishing Links/IP Grabbers

-No Bots, Bots will be banned from the community.

...


4. No Porn/ExplicitContent


-Do not post explicit content. Lemmy.World is not the instance for NSFW content.

-Do not post Gore or Shock Content.

...


5. No Enciting Harassment,Brigading, Doxxing or Witch Hunts


-Do not Brigade other Communities

-No calls to action against other communities/users within Lemmy or outside of Lemmy.

-No Witch Hunts against users/communities.

-No content that harasses members within or outside of the community.

...


6. NSFW should be behind NSFW tags.


-Content that is NSFW should be behind NSFW tags.

-Content that might be distressing should be kept behind NSFW tags.

...


7. Content should match the theme of this community.


-Content should be Mildly infuriating.

-At this time we permit content that is infuriating until an infuriating community is made available.

...


8. Reposting of Reddit content is permitted, try to credit the OC.


-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.

...

...


Also check out:

Partnered Communities:

1.Lemmy Review

2.Lemmy Be Wholesome

3.Lemmy Shitpost

4.No Stupid Questions

5.You Should Know

6.Credible Defense


Reach out to LillianVS for inclusion on the sidebar.

All communities included on the sidebar are to be made in compliance with the instance rules.

founded 2 years ago
MODERATORS