Paolo AmorosoMar 23

Yesterday, when I opened Gmail in Firefox on Linux, I found myself logged out of my Google account.

In place of Gmail was a landing page extolling the virtues of Gemini in Gmail and providing prominent options only for signing up or creating a new account. I managed to follow a less prominent option to just sign into Gmail. I dont know how but, although I ended up in the account recovery flow rather than the login flow, I still managed to sign in.

Tech giants are throwing every dark pattern at forcing AI. This is known, no surprise here. But there's something else I don't understand.

In addition to my Google account I found myself logged out of all my accounts on unrelated sites I was signed into from Firefox, even in multi-account containers. Even non Google sites with no Google account or Gmail address in the credentials. How did they do that?

#gmail #google #gemini #ai #askfedi

Show threadπŸ’™πŸ©·πŸ’œβ’·β“‘β“”β“£β“£πŸ‘πŸ‰πŸ§Mar 23
@[email protected] delete the file where all the cookie info is stored (that's my guess)

"Inside your Firefox profile folder, you’ll find a file that specifically handles cookies. Historically, Firefox used file: cookies.sqlite"

https://en.fmyly.com/article/where-are-the-cookies-stored-in-firefox/
Where are the Cookies Stored in Firefox? A Deep Dive for Users and Developers - Fmyly

Ever found yourself wondering, "Where are the cookies stored in Firefox?" It’s a question that might pop up when you’re troubleshooting a website login issue,

Fmyly
Show threadPaolo Amoroso
@brettm Can any website delete that file?
Mar 23 at 11:28amWeb
Show threadπŸ’™πŸ©·πŸ’œβ’·β“‘β“”β“£β“£πŸ‘πŸ‰πŸ§Mar 23
@[email protected] it should not be able to. But bear in mind Google pays Firefox a lot of money and tells them what to do, Also, Firefox is millions of lines of constantly-changing code, some of which insanely is "written" by LLMs
Show threadPaolo AmorosoMar 23
@brettm That's possible, but I wonder why the security community didn't notice such a vulnerability.
Show threadπŸ’™πŸ©·πŸ’œβ’·β“‘β“”β“£β“£πŸ‘πŸ‰πŸ§Mar 23
@[email protected] i am sure there are thousands of security vulns in every giagantic modern browser that no security community has found yet
Show threadPaolo AmorosoMar 23
@brettm Okay but this is really major.
Show threadπŸ’™πŸ©·πŸ’œβ’·β“‘β“”β“£β“£πŸ‘πŸ‰πŸ§Mar 23
@[email protected] i suppose it is. So used to big companies riding roughshod over everyone that I didn't think too much about it!
Show threadπŸ’™πŸ©·πŸ’œβ’·β“‘β“”β“£β“£πŸ‘πŸ‰πŸ§Mar 23
@[email protected] sidenote i did notice over the past year that even when "don't aklow this app to change settings is selected" Chromium still was able to change Android settings, it must have been messing with my DNS because people's Fedi pages were almost impossible to view via any Android browser. Even with no Chromium running in background. As soon as I deleted Chromium pages loaded normally again.
Show threadBojidar MarinovMar 24
@amoroso @brettm If I may, I would say it is much more likely that Firefox itself deleted all cookies and not that a specific website did so.
You can delete cookies with the "Refresh Firefox" button or with the "Clear browsing history/data/cache" buttons, or even with the "Clear history/data on exit" options. In addition, if anything happens to the cookie file that would leave it corrupt, Firefox will recreate it.
..A vulnerability allowing this kind of file access would be wasted on cookies.
Show threadPaolo AmorosoMar 24

@bojidar_bg I wonder what may have triggered that. I've been using web browsers since NCSA Mosaic 1.1 and I'm reasonably sure I haven't performed any explicit action to clear the cookies or data.

@brettm