 
seeker010
Gerbil First Class
Topic Author
Posts: 143
Joined: Sat Oct 19, 2002 8:52 am

Amazon & Private Browsing

Mon Jul 27, 2015 12:27 pm

Has Amazon figured out a way to read cookies across private browsing sessions, or is it a Firefox bug?
I used Firefox private mode to browse for something on Amazon, added it to cart, then opened up a non-private window and the item I added was in my cart.
 
Flying Fox
Gerbil God
Posts: 25690
Joined: Mon May 24, 2004 2:19 am

Re: Amazon & Private Browsing

Mon Jul 27, 2015 12:35 pm

Were you logged in to your account in the Private session as well as your non-Private session? The cart is saved with your account as well I believe.
The Model M is not for the faint of heart. You either like them or hate them.

Gerbils unite! Fold for UnitedGerbilNation, team 2630.
 
mattshwink
Gerbil Team Leader
Posts: 200
Joined: Wed Jul 16, 2008 7:54 am
Location: Alexandria, VA

Re: Amazon & Private Browsing

Mon Jul 27, 2015 12:36 pm

I might be missing something here.....
What is in your cart has nothing to do with cookies, as far as I understand it. It is tied to your login. If I have something in my cart and log in from a different browser or even a different computer (or mobile device) it is still there in my cart.

As an aside, this happened a while back (maybe Christmas, maybe farther, and maybe not even Amazon) but I was doing some comparison shopping and left something in my cart. A week later I got an e-mail saying "hey this is still in your cart" come back and buy it.
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Amazon & Private Browsing

Mon Jul 27, 2015 12:37 pm

Did you log in to your Amazon account? If you are logged in changes to your cart made in the private session will be visible in the non-private one and vice-versa.

Edit: D'oh! Everyone else had the same idea. :lol:
Nostalgia isn't what it used to be.
 
seeker010
Gerbil First Class
Topic Author
Posts: 143
Joined: Sat Oct 19, 2002 8:52 am

Re: Amazon & Private Browsing

Mon Jul 27, 2015 1:16 pm

Logged in via standard session but not logged in via private session. I thought the login flag was set by cookie, which shouldn't have carried over to the private session.

edit: just checked, in private session it's as if I was not logged in, but the item browsing history (which was off in the standard session) and the cart items magically appeared in the standard session.
 
jihadjoe
Gerbil Elite
Posts: 835
Joined: Mon Dec 06, 2010 11:34 am

Re: Amazon & Private Browsing

Mon Jul 27, 2015 2:03 pm

Are you on IPv6? The last octet of your IPv6 address is a pretty good way to uniquely identify a machine.
Do you have Flash? Cookies stored in Flash might break private mode and persist even across different browsers.

Chromium has an interesting paper on client identification mechanisms. tl;dr: There is a LOT of stuff we do that can identify us, even without cookies.
 
Froz
Gerbil
Posts: 41
Joined: Tue Mar 04, 2014 7:24 am

Re: Amazon & Private Browsing

Mon Jul 27, 2015 3:08 pm

From Amazon's privacy notice:

We may also use browser data such as cookies, Flash cookies (also known as Flash Local Shared Objects), or similar data on certain parts of our Web site for fraud prevention and other purposes


If you haven't heard about evercookie, check this page for some ideas on how a webpage could store information to identify the pc:

http://samy.pl/evercookie/

However, I find it surprising they would use such methods to save your cart...
 
Milo Burke
Gerbil XP
Posts: 490
Joined: Thu Nov 07, 2013 11:49 am

Re: Amazon & Private Browsing

Mon Jul 27, 2015 3:48 pm

I love cookies!
 
seeker010
Gerbil First Class
Topic Author
Posts: 143
Joined: Sat Oct 19, 2002 8:52 am

Re: Amazon & Private Browsing

Mon Jul 27, 2015 5:14 pm

jihadjoe wrote:
Are you on IPv6? The last octet of your IPv6 address is a pretty good way to uniquely identify a machine.
Do you have Flash? Cookies stored in Flash might break private mode and persist even across different browsers.

Chromium has an interesting paper on client identification mechanisms. tl;dr: There is a LOT of stuff we do that can identify us, even without cookies.

is this no longer true?

Starting with Flash Player 10.1, Flash Player actively supports the browser's private browsing mode, managing data in local storage so that it is consistent with private browsing. When a private browsing session ends, Flash Player automatically clears any corresponding data in local storage.

Also, Flash Player separates the local storage used in normal browsing from the local storage used during private browsing. When you enter private browsing mode, sites that you previously visited cannot access information they saved on your computer during normal browsing. For example, if you save your password in a Flash-powered web application during normal browsing, the site does not remember it when you visit the site using private browsing.

Also, how would they distinguish between two different computers on a NAT? Let's say you're in college sharing a connection with your roommate, and one of you logs in without logging out and the other is always logged out.

Froz wrote:
From Amazon's privacy notice:

We may also use browser data such as cookies, Flash cookies (also known as Flash Local Shared Objects), or similar data on certain parts of our Web site for fraud prevention and other purposes


If you haven't heard about evercookie, check this page for some ideas on how a webpage could store information to identify the pc:

http://samy.pl/evercookie/

However, I find it surprising they would use such methods to save your cart...

that's interesting, I could see how they would want to track their customers. but I went to that page to create an evercookie in private mode and then tried to query it in standard mode and it returned undefined, so that looks to be a negative result

edit: just tried on IE, can't repeat it; meaning in IE the private mode is correctly sandboxing Amazon sessions.
 
Froz
Gerbil
Posts: 41
Joined: Tue Mar 04, 2014 7:24 am

Re: Amazon & Private Browsing

Tue Jul 28, 2015 3:59 am

that's interesting, I could see how they would want to track their customers. but I went to that page to create an evercookie in private mode and then tried to query it in standard mode and it returned undefined, so that looks to be a negative result

Try the other way around. Set up the cookie in standard mode then go to private mode and see if it can read it. I'm guessing that's how they might be doing it (and store information about your cart on their servers, attached to your cookie info, though I still don't get why they would do it). Edit: I checked and that also doesn't work. I guess the privacy mode is better than I thought.

Anyway, I just tried it in Firefox and I can't get the cart to copy from private mode no matter what I do. Can you still repeat that on FF and if yes, what are the steps exactly?
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Amazon & Private Browsing

Tue Jul 28, 2015 5:49 am

FWIW I was able to get it to copy back and forth in Chrome, but only if both sessions were logged in.
Nostalgia isn't what it used to be.
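
The behaviour the replies describe (cart state tied to the login, with private mode keeping a separate cookie jar) can be reproduced locally. This is an added example, not code from the thread and not Amazon's implementation: the toy `Shop` server, its `/login`, `/add` and `/cart` paths, the `sid` cookie and the user `alice` are all assumptions made for illustration.

```python
import json, threading, uuid
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs
from urllib.request import build_opener, HTTPCookieProcessor

SESSIONS = {}  # sid cookie value -> account name, or None while anonymous
CARTS = {}     # cart key -> items; keyed by account once the session is logged in

class Shop(BaseHTTPRequestHandler):  # hypothetical shop, for illustration only
    def log_message(self, *args):    # keep the demo quiet
        pass

    def do_GET(self):
        url = urlparse(self.path)
        query = parse_qs(url.query)
        cookie = self.headers.get("Cookie", "")
        sid = cookie.partition("sid=")[2].split(";")[0] or uuid.uuid4().hex
        SESSIONS.setdefault(sid, None)
        if url.path == "/login":
            SESSIONS[sid] = query["user"][0]
        # Server-side state: account cart if logged in, else a per-cookie cart.
        key = "acct:" + SESSIONS[sid] if SESSIONS[sid] else "anon:" + sid
        if url.path == "/add":
            CARTS.setdefault(key, []).append(query["item"][0])
        body = json.dumps(CARTS.get(key, [])).encode()
        self.send_response(200)
        self.send_header("Set-Cookie", "sid=" + sid)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def browser(port):
    """Fetch function with its own cookie jar, like a separate browsing mode."""
    opener = build_opener(HTTPCookieProcessor(CookieJar()))
    return lambda path: json.loads(opener.open(f"http://127.0.0.1:{port}{path}").read())

def demo():
    SESSIONS.clear(); CARTS.clear()
    server = HTTPServer(("127.0.0.1", 0), Shop)  # loopback only, random free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    normal, private = browser(server.server_port), browser(server.server_port)
    normal("/login?user=alice")       # standard window: logged in
    private("/add?item=book")         # private window: anonymous, separate sid
    isolated = normal("/cart")        # anonymous cart is not visible here
    private("/login?user=alice")      # private window now logs in too
    private("/add?item=lamp")         # written to the account cart on the server
    shared = normal("/cart")          # visible in the standard window
    server.shutdown(); server.server_close()
    return isolated, shared
```
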
