Merezhyvo browser

domubpkm

@pparent I tested this link, because this site interests me a lot Works under Qt6 and not Qt5 for your info. And so that this is at the same time, maybe your thoughts can help to find the problem for Merezhyvo browser

domubpkm

@naz.r Hello. What is the current situation of cookies in the browser ?

naz.R

@domubpkm said in Merezhyvo browser:

@naz.r Hello. What is the current situation of cookies in the browser ?

Hello. It's pretty standard for Chromium based browsers. What exactly do you mean, could you please be more specific?

gpatel-fr

@naz.R said in Merezhyvo browser:

webrtc leak
even using Tor.. Our Public address ip shown.

Added to the list, thanks again

Hello @naz.r

noticed you never replied on this topic. I don't know anything on this matter, however I have seen opinions about that saying it was impossible to really hide IP address with webrtc, it was a problem with webrtc, not browsers implementing it. Out of curiosity, what's your point of view on this ?

domubpkm

@naz.R In terms of security:

• can they be deleted if we decide?
• are the tabs independent of each other in terms of cookies. For example, can cookies from one web page «see» what another web page is doing?

naz.R

@domubpkm said in Merezhyvo browser:

@naz.R In terms of security:

• can they be deleted if we decide?
• are the tabs independent of each other in terms of cookies. For example, can cookies from one web page «see» what another web page is doing?

In Merezhyvo you can wipe everything the browser has stored for a site with one click.
Each tab has a “Delete all data and close” button (with broom and x-mark icon one). When you click it, the browser deletes all data it has for that site (cookies, local storage, cache, etc.) and then closes the tab.

Right now there isn’t a separate option to delete only cookies while keeping other data, but full site wipe is always available per tab.

About cookies and tab independence

Tabs are not completely isolated from each other – cookies are shared per browser profile, not per tab.

If you open the same website in two tabs (for example, example.com), they will see the same cookies. That’s how things like “stay logged in” work across tabs.

One website cannot read cookies of a different website (for example, example.com cannot read cookies of bank.com). This is enforced by the browser’s same-origin security rules.

However, if several sites all include the same third-party scripts or trackers, those third parties can use their own cookies to recognize you across sites.

Trackers blocking task, including third-party cookies blocking, is still iт my ToDo list, so for now it is like that.

In short: you can always fully wipe data for a site from a tab, and websites can’t directly read each other’s cookies, but tabs do share the same cookie jar for the same site.

naz.R

@gpatel-fr said in Merezhyvo browser:

@naz.R said in Merezhyvo browser:

webrtc leak
even using Tor.. Our Public address ip shown.

Added to the list, thanks again

Hello @naz.r

noticed you never replied on this topic. I don't know anything on this matter, however I have seen opinions about that saying it was impossible to really hide IP address with webrtc, it was a problem with webrtc, not browsers implementing it. Out of curiosity, what's your point of view on this ?

Actually, "Added to the list" was my reply there.

Yes, right webRTC IP leak is the issue of the technology itself. So the approach is simple: if someone really cares about hiding their IP, the only fully honest option is to disable WebRTC entirely.

In Merezhyvo I plan to make WebRTC configurable and very straightforward:

• Always enabled – WebRTC works normally.
• Always disabled (hard) – WebRTC APIs are effectively turned off.
• Disabled (hard) when Tor is enabled – if you use Tor in the browser, WebRTC is cut off to avoid surprises. And vice versa, if Tor is off, then webRTC is on.

I am working on it and hope to include it into the next release.

domubpkm

@naz.R said in Merezhyvo browser:

However, if several sites all include the same third-party scripts or trackers, those third parties can use their own cookies to recognize you across sites.

Trackers blocking task, including third-party cookies blocking, is still iт my ToDo list, so for now it is like that.

Thanks for the explanation. It is therefore up to everyone to decide whether they want currently to open several tabs at the same time, especially in the case of personal accounts.

naz.R

@domubpkm said in Merezhyvo browser:

@naz.R said in Merezhyvo browser:

However, if several sites all include the same third-party scripts or trackers, those third parties can use their own cookies to recognize you across sites.

Trackers blocking task, including third-party cookies blocking, is still iт my ToDo list, so for now it is like that.

Thanks for the explanation. It is therefore up to everyone to decide whether they want currently to open several tabs at the same time, especially in the case of personal accounts.

I think I have to add here following:

Merezhyvo has one extra twist:
For performance on phones, the browser keeps only one active tab at a time.
When you switch to another tab, the previous one is deactivated and stops running code.

So in practice:
Sites still share cookies in the usual “per domain” way,

But there is never a moment when two different tabs are actively running JavaScript in parallel, only the currently selected tab is alive and executing.

domubpkm

@naz.R said in Merezhyvo browser:

So in practice:
Sites still share cookies in the usual “per domain” way,

But there is never a moment when two different tabs are actively running JavaScript in parallel, only the currently selected tab is alive and executing

I understand (I think) what you're saying, but does this change anything about the action / effect of third-party cookies?
Does this mean that even if they are there, they are asleep and have no negative spying action?

naz.R

@domubpkm said in Merezhyvo browser:

@naz.R said in Merezhyvo browser:

So in practice:
Sites still share cookies in the usual “per domain” way,

But there is never a moment when two different tabs are actively running JavaScript in parallel, only the currently selected tab is alive and executing

I understand (I think) what you're saying, but does this change anything about the action / effect of third-party cookies?
Does this mean that even if they are there, they are asleep and have no negative spying action?

no, it doesn't
the third-party cookie blocker is going to be in the next release after the next one, I believe.