Newegg.com is stalking me

[Gonad the Barbarian]

How can Newegg remember my recently viewed items despite deleting all their cookies? I'm using Firefox with adblock plus, no script, and ghostery. Third party cookies are disabled as well as tracking. Cache is emptied on browser close. This is really bothering me, something here isn't behaving.

Edit: I clicked on a Newegg item page listing that's in my recently viewed list in my Firefox history to forget it. I just wanted to forget that one page but it ended up forgetting all my Newegg history. But that killed off the whole recently viewed item list that's shown towards the bottom of Newegg's main page. So Newegg's home page is apparently directly accessing stored browser history. I feel this is... not OK.

Edit 2: I tried this in Chrome. The recently viewed items on newegg.com go away by deleting cookies/cache but without having to also delete browsing history. Can someone else confirm what I'm finding here?

 

[ninaholic37]

Was going to try to replicate this, but then remembered that Newegg layout sucks way too much. You are very strong for being able to navigate badly designed sites like this without getting angry and ragequitting 3 seconds into the process.

 

[Gonad the Barbarian]

Maybe I should change the thread title to "Firefox has a big mouth" because it seems the root of the problem is there. Someone please come in here and tell me I'm overlooking something and Firefox isn't blabbing our browsing histories to every website we visit.

 

[Spacehead]

OK, i went to Newegg & allowed session cookies for-
www.newegg.com
content.newegg.com
& viewed an item, a phone.

Went back to the main page & the phone was listed in "recently viewed".
Deleted the 2 cookies listed above & went back. There is no "recently viewed" items now.

I'm on the latest FF with the same extensions you have.

 

[Chiefcrowe]

Just tried this, and after clearing my cookies the recently viewed items are gone.

Does the same thing happen in a different user profile?

 

[YBS1]

I think if you're a common enough customer they remember the IPs you've logged in from even. I can look at something on my phone without logging in or anything and later on that night on my pc they will be displaying "targeted" items similar and such, "deal about to expire" emails, etc. I'm ok with it.

 

[Gonad the Barbarian]

It's not by IP because I have another computer with a different recently viewed list.

And the list is not there if I open newegg.com in a private window.

If I right-click newegg.com, choose page info, then security, then view cookies, and delete all those cookies, the recently viewed list is still there if I refresh the page. The list is still there if I close it after deleting the cookies instead and then go back to newegg.com. I've verified there are no newegg.com cookies by viewing all cookies before going back to the page.

If I delete newegg.com & content.newegg.com from the view all cookies window, the list still persists.

The only way I've gotten the recently viewed list to go away was to "forget this site" in my history.

 

[Ketchup]

I had a question similar to this:
http://forums.anandtech.com/showthread.php?p=37565854#post37565854

I think part of it is that, if you have a Newegg account, it saves your location, even if you are not logging it. And the other part, as you know, is cookies on your own machine.

 

[Gonad the Barbarian]

OK, i went to Newegg & allowed session cookies for-
www.newegg.com
content.newegg.com
& viewed an item, a phone.

Went back to the main page & the phone was listed in "recently viewed".
Deleted the 2 cookies listed above & went back. There is no "recently viewed" items now.

I'm on the latest FF with the same extensions you have.

I'm just not able to replicate this after trying multiple times. I even did a safe mode restart with all add-ons disabled. My list stays despite deleting those cookies.

OK, I added an item from my recent list to my cart. I then deleted those two cookies and refreshed the page. My cart emptied, my recent list remained. WTF is going on?

 

[Fardringle]

It sounds to me like your Firefox installation (and not Firefox in general, because nobody else can replicate it) is not actually deleting the cookies when you tell it to. Have you tried going to the Firefox temp folder and manually deleting the files to see what happens?

 

[Gonad the Barbarian]

I'm replicating this very same behavior on two other computers, one I just installed Firefox on for the first time.

This is a virgin install, no addons, with only the "block third party cookies" setting changed.

I clear all history. I go to newegg.com, click on an item, add it to cart, then click the newegg logo to go back to the main site. I now have the item shown in my cart and in my recently viewed list. I go to options, privacy, show cookies and delete (remove selected) all the cookies listed: newegg.com & secure.newegg.com and then refresh the page. Item is gone from the cart, item is still listed in the recently viewed list.

Using "remove all" instead of "remove selected" for each entry will empty both the cart and recently viewed list. So is this a bug with Firefox? Or is newegg doing something sketchy to circumvent proper cookie management?

 

[Spacehead]

Just for the record i was not logged in to Newegg while doing this.

Wondering... on the Newegg page-right click-page info-permissions page. Is there any setting there that would cause this?

 

[Gonad the Barbarian]

Well changing the set cookie permission to allow for session should clear it after restarting Firefox but it doesn't. Outright blocking cookies for newegg.com does seem to stop the the recent list from being created, but you can't add anything to cart either.

Bottom line, cookie info is being retained despite manually deleting the cookies. Who do we tell?

And is newegg the only site at issue here?

 

[Spacehead]

I just went to Amazon, looked at a few items to get the recently viewed area populated, deleted Amazon cookies & nothing shows up in the recently viewed area.
Again, i was not logged in or added anything to my cart.
Session cookies only if that matters.

I'm using Firefox with adblock plus, no script, and ghostery.

Are those your only extensions? No cookie handling extensions?

 

[Gonad the Barbarian]

Yeah, I run selective cookie delete on my main install, which is why I knew something was up. Other than a select few my cookies get deleted on close. I thought one of the recent FF updates had broken it until looking further into it today. Newegg is the only site I've noticed not behaving.

 

[balloonshark]

I'm using palemoon version 25.5.0. If I go to newegg and look at two items and then go to newegg.com and if I just delete newegg cookies in options I can duplicate your findings and I see those two items if I refresh the page. If I "delete all cookies" in options I can't replicate the problem and I don't see my previously viewed items. I'm not sure if this is by design or a bug.

 

[Gonad the Barbarian]

Well I just tried to replicate this behavior in Chrome and delete the specific newegg cookies and that clears the recently viewed list there. I guess it's an FF bug.

 

[JEDIYoda]

a lot of paranoid peeps.....I mean like..I`m just saying...well you know.....para-noid!!

 

[John Connor]

Try the Betterprivacy addon for Firefox. They could be tracking your IP or the brwoser isn't working for crap to delete cookies and cache. Run Ccleaner once.

I have cookies delete when I leave a page and everything gets wiped on exit. I have the cache off! Now despite this and running Ccleaner it still shows crap in Ccleaner! I don't understand that. But the browser shows no cookies. I use Pale Moon.

Edit- Another addon you might want is self destructing cookies. If you use this go to it's options and turn off notifications. It will be VERY annoying with that on.

I had Ghostry, but it broke waaay too much crap. After all, I use NoScript so that's pretty much the same thing.

You also might want to check out Sandboxie. Once you close your browser EVERYTHING is GONE! I would allow access to the profile in the Sandboxie settings though. Otherwise addon updates will have to be applied without the use of Sandboxie. You also need to update the browser without sand boxing it. Otherwise updates won't stick.

 

[John Connor]

I'm using palemoon version 25.5.0.

You do know the current version is 25.7?

 

[energee]

This thread is old, but I just experienced the behavior described by the original poster after clearing my cookies in Firefox and wanted to know why, so I thought I'd share my findings.

It turns out that the issue is related to "local storage" introduced in HTML5, and in the case of the OP (and mine as well), Firefox's policies for controlling access and retention of this data. Rather than provide separate configuration options, the developers of Firefox decided to tie local storage to cookie permissions, and it's handled very poorly in my opinion. For detailed information, I suggest looking at the following link: http://superuser.com/questions/629525/how-to-control-websites-use-of-localstorage-in-firefox

 

[russ6150]

Like energee said, did you clear out your HTMLK5 local storage? There are tons of ways they can ID you now.

Pay a visit to the EFF page and check out the Canvas API, among other things. If you visit a site with javascript enabled in your bowser, and the site is taking advantage of the Canvas API, they can fingerprint your device with a scary degree of precision.There are browser addons available to either block access to the API, ask permission to access it, or provide a faked readout from the API.

Just when you think you're all squared away...

 

[John Connor]

https://browserleaks.com/canvas

Preventing canvas fingerprinting entirely
Your first instinct is probably to grab a browser extension that prevents the canvas image from loading. If it doesn’t load, they can’t track you – right?

Wrong. Preventing the canvas image from loading is an identifier in itself. Although the canvas fingerprint will not be sent, the fact that you did not load the canvas image will be. So, you will be sorted into a very small group of tech-savvy users who are also blocking fingerprints, and from there, your ordinary fingerprints will sometimes be enough to identify you completely.

https://multiloginapp.com/how-canvas-fingerprint-blockers-make-you-easily-trackable/


https://addons.mozilla.org/en-US/firefox/addon/no-canvas-fingerprinting/

 

[russ6150]

That's why (when I feel the need), I spoof my canvas readout. A TON of my net activity requires no javascript as well. I've also gone to great lengths to silence my browser. Even when everything is unchecked in FF and Ice Weasel (browser health, telemetry, safe browsing etc..) FF browser still communicates to a few other subdomains of Mozilla.(com/org/net). I've found an extremely simple way of making the Windows / Linux hosts file actually work for SSL/TSL traffic, so when at "idle", my devices are, if I want them to be, dead quiet.

But, to be clear, I put energy into these things because I enjoy this kind of stuff. Pouring over Wireshark dumps is my idea of a good time. It's also all relative to how I intend to make a living.

And folks need to know that all this stuff is a trade-off. Browsing to and fro, willy-nilly with safe browsing turned off, unchecking the box that enables querying OSCP responders is probably not the way to go for most people. (and certainly not for me all of the time)

 

[R0H1T]

Like energee said, did you clear out your HTMLK5 local storage? There are tons of ways they can ID you now.

Pay a visit to the EFF page and check out the Canvas API, among other things. If you visit a site with javascript enabled in your bowser, and the site is taking advantage of the Canvas API, they can fingerprint your device with a scary degree of precision.There are browser addons available to either block access to the API, ask permission to access it, or provide a faked readout from the API.

Just when you think you're all squared away...

There's only one, that I know of, available for webkit based browsers. I believe Firefox readout can be prevented using noscript as well, not totally sure about it though.