It hasn't, don't worry
They are bad indeed, but we don't use them, so I didn't consider it super relevant to this discussion, mostly.
The main problem with this is us then needing to store more data about users (which we'd rather not), and even per-device data (which we'd even less want to do).
Yeah so that is not a thing at all. Cookies are (and iirc all mainstream browsers do that by default these days, more details here https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#samesite_attribute ) limited to be read by the site who wrote them in in the first place. Another site cannot just read random cookies off your browser (your browser is the one that decides whether or not to send them to the website for requests it makes to it; so it is the ultimate authority on the matter, no matter what a shady site might try to pull).
That's a separate concern, and not nearly as black-and-white as you think. For example we do track the number of users online ourselves; not because we care about what you are reading (the data is anonymized so we couldn't find out even if we wanted, but specifically we don't care) but because we need to understand if something like a site slowness is happening out of the blue or in reaction to a massive spike; or to see a sudden drop for a country and be able to help people understand that their ISP is likely blocking us, etc.
Yes and no; many browsers (notably Safari for example) check for that. But yes, it's a technique some sites will use, not us though since we selfhost our stuff and thus have 0 need for it. It is also very much visible on the client's side when done, like so:
$ dig +short mangadex.org
45.129.229.1
45.129.229.2$ dig +short api.mangadex.org
mangadex.org.
45.129.229.2
45.129.229.1$ dig +short uploads.mangadex.org
imlb.mangadex.org.
45.129.229.5
45.129.229.2
45.129.229.6
45.129.229.1Oh yeah also that's a thing, but just as much as browser fingerprinting and other more advanced techniques that someone like Google would use. If you read the description though, it's not about cookies, but rather how to use every single possible browser data persistence option to make a cookie-like thing happen. In general just storing a unique id as a string somewhere, anywhere. So disabling cookies does nothing for that, since the whole idea is to not rely on actual cookies alone.
Sure that exists too. But while it might be morally bad (no personal opinion on the matter, and MD doesn't make use of any of that), it's mainly to help designers find out what UI elements confuse users (buttons they don't click, or unclickable elements they do try to click, etc). afaik https://www.hotjar.com/product-designer/ (click the "See what users see" section of that page to see an example) is one of the most popular such products.
🫃
This was intended as thread to talk about different methods of migrating user consents and settings to the Mangadex's cloud servers. So that every interaction with the site from a device or application that does not already have your settings stored in local storage would not cause you to have to re-select them all. This has now become the mad ravings of me my imaginary friend Mr Tinfoil Hat and what my gradual dissociation with reality is causing me to refer to as the Tristan Twins. I now fear that i have strayed so far from where i started that i can no longer tell where far i Ive come but i now know that whatever path i choose to now take it will me further from whence i came, So anyways here i go digging. I have not been making an argument against cookies or making a statement to the capability of every cookie. I have been making statements about the dangers that cookies can present when coupled with a compromised site and unprotected browser. The code that can pose as a third party cookie and hide its self potential as a first party cookie can acquire a non insignificant amount of personal data. I am not talking about Mangadex's security or a likely outcome from leaving open permissions to all cookies, the internet is vast and has the ability to make large numbers quickly become much more finite. This started with a mildly sarcastic response from to a blanket statement of just enable cookies. This then caused a series of responses from people suggesting that cookies where nothing to fear which i clearly disagreed with. Firearms experts treat every gun as loaded because they can be dangerous and to always treat them as such, security for ones property ends at the user. The buck stops at you think before you click is all that i have be trying to say. Just a reminder this dumpster fire started as a suggestion about connecting the security comic consent to the user profile, so lets keep it civil so we do not attract trolls to the fire. This has not been directed at anyone in particular.
What do you think "local" means? It's called Local Storage, because it is local to the specific web browser.
Firefox allows profiles across devices which lets the user share data across devices, i do not know if that goes beyond bookmarks, passwords and permissions which are considered local. To respond to your comments regarding security i gave links for information on the type danger programs labeled as cookie can pose i then state that the risk where unlikely. Regarding my status as a Luddite which is not the most appropriate use of the word, i have said i understand the necessity of storing data to a users computers or browsers to improve performance. Every single person who has responded to my post so far has listed first party cookies, local storage, browser settings and various programs that that make cookies safe, guess what if you need a list of things you have to do to make using something safe then it is not safe the method of operation is what is safe. all that i have stated is that allowing all cookies access to your computer with no regard to security is not best practices, yet i keep getting bonked with the Luddite hammer. I posted the Mangadex link because it is literally right at the bottom of the page and i hoped would help illustrate my belief it is a bad practice to give complete access and trust to any site regardless of how good they are because all it takes is one hack to change there cookies along with anything else. Just to be clear i know that Mangadex does not use cookies, which is what makes the number of comments about cookies on this suggestion post so out of control.
How is this still going on? If you fear the cookies so much, just delete your account and never log into any website ever again. To change cookies, is to fundamentally change how the internet functions. It is a necessary evil.
I don't know how many layers deep you have to go to get to OP's level of braincell deficiency, and I don't want to find out.
Thanks for contributing to the topic. I would think with there being so little for settings options that Mangadex could assign each option a variable between 1-225 in basic binary which would let them store all of the users setting in a very short string of code. Though they would need to programs the site to read the assigned variables as your settings and then select them for you upon logging in. I do not know how much work something like that would be for them to implement. I think it would be fairly basic though my only experiences with programing is from programming basic HTML and custom commands for database systems way back. So i do not know how much of the current design and would have to be changed to do this or how much work it would really take to employment.
Of course they can do that, but I doubt it’s high priority as it doesn’t make much difference for most users with accounts. This also does nothing for guest users, so for them they still need a frontend only solution. There’s absolutely no issue doing what MD is doing now, unless your browser is crap, but that’s another issue. So in the end it feels like a waste of time which they can put somewhere else.
Saving the settings to the severs can help save you the trouble of having to sync your home browser to a browser profile to avoid it, plus a site like Mangadex's main selling points is curation of what you are reading, are planning to read and have read, so rembering your settings a plus. people also keep bringing up the your setting preferences could change based on device but you can just give local storage priority for that, which is mainly about screen size preference between phone tab and home screens.
Eventually usually means never. Just kidding, even though it is common some planned stuff never happens because it’s so low priority compared to everything else.
Yes I know what server side settings are good for, but for some things it’s not worth the time. I’m sure there’s better analytics available, but just checking the forum there’s 75% guests right now.
Thanks funny thing is that same guy commented on my post and did not say annthing other than to enable cookies, though he updated it to local storage. looks like this thread is solved.
Because they're about different things, things like the original topic is about would essentially be just wasted space on the server so i don't see that moving from a cookie/localstorage or whatever it is in, the eventually i was talking about is pretty much the the stuff in https://mangadex.org/settings, maybe it would've been clearer if i used the reply on the specific latest posts about the server sided settings but that'd take up quite a bit of space (could've put it in a spoiler i guess)
