The Duration Time on this Cookie...
Remember to use ad blockers and DNS filters ladies and gentlemen!
Have no idea what Otto[.]de is, nor do I have any plans to find out. But god damn thats a long as time. Its the equivalent of 9993 years if anyone was wondering...
Source; Cookie of a sketchy free VPN that I'm investigating.
364
Comments50
Otto.de is a big German online retailer.
Bought a table from them once. Was not a good table.
Bought a table from IKEA once, was not a good table either. You get what you pay for.
I worked for them once. Was not a good experience.
browsers by default wont allow infinite cookies
Which is great, but do you know if that the case for Android apps too? As that is the case in this scenario?
how do you mean so? as in it's a web app? They have access to persistant storage.
I wasnt thinking clearly... Somehow was thinking they stored cookies outside the browser, then I realised thats not how it works :P Thanks for pointing it out, ill try to find out the default values for cookie-lifetime across browsers next :)
okay:)
If you don't have your browser set to delete all cookies you haven't made exceptions for, every time you close it, I don't know what to tell you. Except... "you should do that".
I use Firefox temporary containers. So not only are they deleted 5 mins after I close a tab, but different tabs don't share cookies unless I explicitly allow it or the tabs are opened from one source (e.g. open link in new tab)
Sounds good. Is that an option on desktop and mobile as well? Do I need addons?
It does not seem available on mobile. On desktop, it is an extension called "Temporary Containers". You may also want the official "Firefox Multi-Account Containers" for managing sites where you want to stay logged in.
Why?
otherwise cookies might stay on your computer for 9993 years.
I guarantee that they won't stay for that long on my computer.
Edit: nor yours, or anyone else's
The maximum age is 400 days in Chrome.
Privacy. By using containers and deleting cookies frequently, you can minimize the amount of tracking and data collecting these scum sucking corpos are doing.
Yeah but what about the other 99% of cookie use cases?
You add an exception to your browser to not delete them for that domain, if you need the cookie for the website to function.
That way your sites keep working, and everyone else putting shit in your browser gets their stuff deleted.
Speaking about sketchy and durations...
How is that relevant here tho ? Not trying to be rude i just don't get it .
OP fixed their certificate in the meantime so now I can actually see the image (without jumping through hoops to make firefox ignore the certificate error).
3650000 days looks like a honest mistake, should probably be exactly one year. Which is long, but not an eternity.
Not sure I'm following the issue with slrpnk.net cert, it's up to date my end. 5/6/2024 hasn't been yet... so its not expired hah.
I don't think 3650000 is a typo, that's four zeros away from being a year. Additionally, many of these cookies have a duration ranging from a few days all the way to 10 years or more.
The current certificate is valid from Mon, 06 May 2024 07:58:01 GMT to Sun, 04 Aug 2024 07:58:00 GMT, it has been renewed today. Click on the padlock on the address bar and click your way through to see those dates. Renewal was probably automatic, in any case there was enough of a lapse for me to stumble across the error.
Then where does the "365" come from? That's some highly specific digits.
I agree that it is an abnormal at least, it might not be meant to be 3650000, but thats what it says it is... Here is the full list if you want a peek at what I gathered yesterday. The formatting isnt great as it is taking from a spreadsheet.
It continues;
It still continues;
I guess they are not using php.
First time I encountered a Y2038 bug in the wild. And apparently they still did not fix it for some inane reason.
There's a long time to 2038, we can start to find solutions around the years 2026-2037
There isn't any reason for a site to limit the lifetime of most cookies. I have no idea why that field isn't optional.
Get an extension that will erase the cookies that you don't care about, do not abide by everything anybody on the web asks you for. And yeah, get an ad-blocker.
I'm not annoyed, I'm not using this VPN service, only doing research. However, I would appreciate it if you could link me to what you refer to with GDPR and ePrivacy setting a limited cookie lifetime!
Ayy thanks a lot for that, much appreciated! Have a great day 🌻
Jes but the company showed in OPs Image is a cookie of a German company. Otto de is like a German Amazon. And it is a GmbH so it's probably registered in Germany.
It is. But leaving it off means that the cookie will be removed when the browser is shut down.
It is just a sketchy online company. You shootouts never buy there.
OTTO is an age-old German mail order company, they started up in 1949. About 16bn yearly revenue. Second largest online retailer overall in Germany after amazon, larger than amazon in Europe when it comes to clothing. Which TBH actually surprised me I thought zalando had that one nailed down.
They also own their own parcel service (Hermes). Are they sketchy? Yes, I mean they're turbo capitalists so of course they are. More so than amazon, nope.
Wait, they own Hermes? That explains quite a lot...
They were, like Quelle, one of those mail order companies well before Internet and Amazon. They were once even quite acceptable.
They turned to the very worst, though. If you have a problem, then YOU have the problem. Parcel missing? Well, good luck. Goods are damaged? Nope.
GmbH has been shitting up the web for ~20 years now. First tracking cookie I ever blocked.
...you do know what GmbH stands for, right?
It's like LLC or Corp.
Hmm... the username. They know.
I’ll take that information to the atm machine.
FYI, GmbH isnt a specific company. GmbH is a German abbreviation, but in English refers to "company with limited liability".
I know, I’m just joking about the way windows vista used to name tracking cookies. Rather, how sites named their tracking cookies. Given the replies, I take it no one else found it as funny as I used to.
Thanks for the context, I wasn't aware, that's pretty funny!
Also wasnt aware of this context, too young i guess :P
Frrr, boycott GmbH 🔥🔥