2 Copyright © 2016-2018,2020-2022 Soren Stoutner <soren@stoutner.com>.
4 This file is part of Privacy Browser Android <https://www.stoutner.com/privacy-browser-android>.
6 Privacy Browser Android is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
11 Privacy Browser Android is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with Privacy Browser Android. If not, see <http://www.gnu.org/licenses/>. -->
21 <meta charset="UTF-8">
23 <link rel="stylesheet" href="../css/theme.css">
25 <!-- Setting the color scheme instructs the WebView to respect `prefers-color-scheme` @media CSS. -->
26 <meta name="color-scheme" content="light dark">
30 <h3><svg class="header"><use href="../shared_images/cookie.svg#icon"/></svg> First-Party Cookies</h3>
32 <p>First-party cookies are set by the website in the URL bar at the top of the page.</p>
34 <p>From the early days of the internet, it became obvious that it would be advantageous for websites to be able to store information on a computer for future access.
35 For example, a website that displays weather information could ask the user for a zip code, and then store it in a cookie.
36 The next time the user visited the website, weather information would automatically load for that zip code, without the user having to enter it again.</p>
38 <p>Like everything else on the web, clever people figured out all types of ways to abuse cookies to do things that users would not approve of if they knew they were happening.
39 For example, a website can set a cookie with a unique serial number on a device.
40 Then, every time a user visits the website on that device, it can be linked to a unique profile the server maintains for that serial number,
41 even if the device connects from different IP addresses.</p>
43 <p>Almost all websites with logins require cookies to be enabled for a user to log in.
44 That is how they make sure it is still you as you move from page to page on the site, and is, in my opinion, the only legitimate use for cookies.</p>
46 <p>If cookies are enabled but JavaScript is disabled, the privacy icon will be yellow <img class="inline" src="../shared_images/warning.svg"> as a warning.</p>
49 <h3><svg class="header"><use href="../shared_images/cookie.svg#icon"/></svg> Third-Party Cookies</h3>
51 <p>Third-party cookies are set by portions of a website that are loaded from servers different from the URL at the top of the page.
52 There is no good reason to ever enable third-party cookies. Privacy Browser 3.8 removed the option, and even Google is planning to
53 <a href="https://www.theverge.com/2020/1/14/21064698/google-third-party-cookies-chrome-two-years-privacy-safari-firefox">disable them in the future</a>.
54 On devices with Android KitKat (version 4.4, API 19), WebView does not
55 <a href="https://developer.android.com/reference/android/webkit/CookieManager.html#setAcceptThirdPartyCookies(android.webkit.WebView, boolean)">differentiate
56 between first-party and third-party cookies</a>. Thus, enabling cookies will also enable third-party cookies.</p>
59 <h3><svg class="header"><use href="../shared_images/web.svg#icon"/></svg> DOM Storage</h3>
61 <p>Document Object Model storage, also known as web storage, is like cookies on steroids. Whereas the maximum combined storage size for all cookies from a single URL is 4 kilobytes,
62 DOM storage can hold <a href="https://en.wikipedia.org/wiki/Web_storage#Features">megabytes per site</a>. Unlike cookies, DOM storage does not send all the data in the headers with every request.
63 Rather, it uses JavaScript to read and write data, which means it does not function when JavaScript is disabled.</p>
66 <h3><svg class="header"><use href="../shared_images/subtitles.svg#icon"/></svg> Form Data</h3>
68 <p>Form data contains information typed into web forms, like user names, addresses, phone numbers, etc., and lists them in a drop-down box on future visits.
69 Unlike the other forms of local storage, form data is not sent to the web server without specific user interaction. Beginning in Android Oreo (version 8.0, API 26),
70 WebView’s form data was replaced by the <a href="https://medium.com/@bherbst/getting-androids-autofill-to-work-for-you-21435debea1">Autofill service</a>.
71 As such, controls for form data no longer appear on newer Android devices.</p>