Upon the first run, without warning, I see this: "If you read this, all of your cookies that are not currently in use just self-destructed. Don't panic. You can undo this if you prefer to keep them for now."
.
.
.
"Undeletes happen in batches. If you had a lot of cookies, you might need to restore more batches. Click SDC's icon again. Select Undelete (more) cookies from the menu. Repeat this until you get a notification stating that No more undeletes are possible."
Couldn't the extension have simply asked me once before proceeding with the delete in the first run? Basic usability.
Funny you mention it as basic usability. The story on the home page with most points is about usability and they explicitly recommend using undos instead of confirmations: http://goodui.org/#8
They recommend doing that when the user "presses an action button or link". This is not the same as launching a browser extension.
Blindly following some person's recommendations doesn't even close to having good UI (or UX). eg. Opting for no confirmation and providing an undo option is an absolutely terrible idea for a 'format disk' button in an OS installer.
Undo instead of confirmation would be a better approach when most users would want to take the action. Here is it not established yet that the default to clear all the cookies is the acceptable choice for most users.
I'm the author of that add-on. Maybe I can add to the discussion by outlining my motivation for writing SDC. I'm currently in the process of compiling the results of an automated crawl of thousands of popular sites that I did last month. I think that every www user should be aware of this:
- The privacy model of browsers relies on the same-origin policy. The same origin policy is in practice routinely circumvented by active identifier sharing. The difference between 1st party identifiers and 3rd party identifiers has become meaningless.
- Self-Destructing Cookies is a proof of concept for a model that actively derives the minimum set of identifiers that you need to browse the web at any given moment. This is a possible workaround for a world without the same-origin policy.
- Cache abuse is rampant. The cache must be considered a store of identifying tokens. If you use SDC, you should definitely enable the automatic cache cleaning. Set the timeout to 3 minutes or so. Remember that identifiers are frequently shared. It only takes a single party to identify you from something they put in your cache.
I simply turned off disk and memory caching in Firefox (details in link above) and have been running this way for nearly two years. Browsing the web with cache is not as efficient, but with my ~8Mbit Internet connection, practically, I don't really notice any difference.
To get around the tracking issues, ideally, browsers would cache content, but it would be keyed on the domain in the address bar as well as the url of the content being cached. Also, content should be wiped from the cache when you leave the site it is linked to, ie there are no more tabs with the site open.
I am thinking that the RequestPolicy add-on would practically eliminate cache-based tracking by simply blocking all requests to unnecessary 3rd party sites. I would appreciate hearing your analysis of it.
RequestPolicy would help against this sort of attack when performed cross-site. However, there is still a leak if a site can identify that you're the same user they previously saw. RequestPolicy wouldn't help against this as it's not cross-site.
2. Panic that it has deleted all "not open now" websites' cookies.
3. Choose the option to "Suspend Operation" via the add-on icon.
4. Repeatedly "Undelete" all cookies until it's all done.
5. Keep the add-on suspended.
6. Now, for the next few days, I will browse like normal, but will remember to "whitelist" the websites I like to stay logged-in (Hacker News, Webmail, etc.) by clicking on the add-on icon. Remember, it is still "Suspended".
7. After a few days of usage (and when I've re-visited enough number of my regular websites), I will "Resume Operation" on the add-on, where it can start destroying the rest of the cookies like anything.
I think the "Training Period" above in point 6 should have been by default. Somehow.
Thank you for your feedback. I agree that the first-run experience makes for quite the adventure. Until a few months ago, I also considered the idea of starting the add-on in a paused state a no-brainer. After supporting my add-on for some time, however,I'm not so sure about that any more.
There's a huge portion of users (probably not HN readers) that would not realize that the add-on is paused. Pop-ups, etc. only go so far. It's really about managing expectations and expectation mismatches. I hope that the portion of users who care about their pre-existing cookies overlaps with the portion of users who read the "What just happened to my cookies" blurb that pops up. I haven't had too many angry complaints since I added the undelete feature, so it might be working.
Maybe you could show a popup, only once after the addon is activated, with a list of the most popular websites and a check-box that could be checked if you want to keep current and future cookies for any selected one? and maybe a search box to add non-common ones
It allows you to maintain a white-list of sites that are allowed to set cookies and allows you to pick whether the cookies the site sets are persistent or discarded at the end of the current browser session.
Moreover, using Cookie Monster you can allow cookies for second level domain names. Meaning that if you navigate to mozilla.org, cookies for www.mozilla.org will be accepted — but cookies for adnetwork.com will not.
This feature makes many sites work which otherwise break with third party cookies disabled, while still discarding the majority of third party cookies.
I don't think that that option accomplishes the same, or is even similar.
What about sites that you never visit (= type in address bar / follow links to) directly, but which are on some subdomain of the visited site nonetheless? Cookiemonster will accept the cookie. Firefox, with your config, will not.
What about sites that you do visit (eg facebook.com) but don't want to accept/send third party cookies for? Firefox, with your config, will. Cookiemonster won't.
I also use this add-on. While FF has the options too, the add-on allows me to easily access all the features and see all the details that I want to see.
The most important feature is that it's easy and quick.
... a built-in Firefox feature with an epically bad UI. If you set Firefox to ask whether to accept cookies from a domain and whether to keep them beyond the end of the session, you get asked per cookie not per domain the first time you visit a site. And FF presents the questions that pop up in a stack of modal dialog boxes, potentially dozens, and sometimes they appear out of order so you have to dig around to find the one that's willing to accept a click, which can be difficult on account of them all being modal.
Firefox does allow you to keep a white-list of cookie-enabled sites, but you have to go to the Options menu to do this. Cookie Monster let's you set cookie permissions for the page you're currently visiting by clicking on an icon in the status bar. The icon also gives you a visual indication of what the current page's settings are. It's essentially a nicer user interface on top of the built-in Firefox functionality.
Add a feature where the plugin collects all cookies that are commonly blocked and then shares that info back to a server. With that info that plugin can get a list of all the cookies on a page and query the server to rank those cookies from most blocked to least blocked.
This way users of this plugin can rely on the wisdom of the crowds to quickly see which cooks people who know better commonly block.
Should every user look over the entire list of cookies on a site? Yes, in an ideal world. But since that isn't realistic, the best we can do is present them with those they will mostly likely want to block right at the top.
I reckon it could be stored and shared via a distributed hash table such as Kademlia. This has the advantage of anonymizing the data. When your computer connects to mine to get rankings for a site, it doesn't know if data I provide is based on my decisions or the aggregate decisions of millions of people.
Cookie handling doesn't need to be this complicated. A huge part of the solution would be if third-party cookies simply stopped working by default. Sure, there are a lot of big corporate interests preventing this from happening, but if you think about it there is really almost no legitimate use for them that benefits the users.
On a related note, Chrome has a setting that simply kills all the cookies when the browser is shut down. The price is having to log into everything all over again, but it's not that much of a hassle in exchange for a clean plate every morning.
Firefox has the same setting, the problem is that many of us don't want to restart the browser every morning. Using suspension, my browser sessions tend to last more than a month.
I'm really stunned by the amount of development on the tracking side.
Cookies, flash cookies, evercookies, local storage, favicons, browser fingerprinting... I'm sure there are several others.
It's stunning to me because the amount of redundant ammunition available for trackers seems way out of proportion to how many people actually know anything about this.
It's not (only) about that. These techniques are often used to help advertisers combat click fraud, so it's important to distinguish the users that just disable cookies (because they heard they are harmful) and those that are trying to skew the click-through rates. A few years ago Google boasted that they catch 99.97 % of click fraud on time, and I personally believe them.
Note that I am not trying to justify these techniques.
If this is added to the core (and simplified as mentioned by dotmanish), it can eradicate the chrome fever for good. The same reason why people are using DDG these days(btw, I do. for all my searches other than blockers while coding).
> 3rd party cookie prevention is easily defeated. Sign in to Google, for example. You are now the proud owner of a YouTube cookie. The videos you view will now be linked to your account.
I'm signed into Google almost all the time and YouTube still shows "Sign in." Re-checked right now.
Third party cookie protection seems to be working fine. It's Firefox 22 with accept third-party cookies set to never.
that was my favourite test case when i developed the add on. I'm on the road now, so I can't verify if they still do it. it might depend on you having a YouTube account linked to your Google account. The technique I'm referring to involves redirecting you across other domains, allowing them to set 1st party cookies, and then back. this happens in an instant and "feels" like a 3rd party cookie to the user, because he does not even realize this happened. the browser will treat it as a 1st party cookie however.
It needs to have 1st-party cookies enabled in FF for all sites. Now you're setting cookies on visits that you might not have if you'd used a whitelister only. (I sometimes visit Google and YT w/out needing any.)
My buddy Cookie Whitelist has let me decide when I need them on temporarily for years. They're not auto-deleted until session-end, but since I've turned off access, doesn't matter.
I do like the cache-emptying feature. Decided to try what another writer suggested, turn disk and memory caching off.
The auto-fill for passwords still works. All the sites I have visited with the exception of Pingdom came with all the info filled in. I just had to click the button to login.
With Pingdom it asked me to reenter my timezone and site to monitor. It is like it totally lost my account without the cookie.
Yes, there's a whitelisting feature where you have to mark "Delete cookies Never for this website" while you're at that website (or there's an Options panel for this - I haven't explored enough yet).
the addon places an icon below in the browser, in the addon bar; there you can fine-tune the cookie policy for the current site, it's a two clicks operation.
Once you had setup your common sites you can completely forget about cookies.
I wonder if a better (if probably impractical approach for in a plugin) approach would be to scope off-site cookies to the containing page's domain. So an ad network's cookies on facebook.com wouldn't be shared with them on google.com. This would eliminate a lot of the "follow you around the internet" privacy issues without forcing manual configuration.
" Google uses cookies, like the PREF cookie, to help personalize ads on Google properties, like Google Search, particularly when you aren’t signed in to a Google account. We also use cookies for advertising we serve outside of Google. Our main advertising cookie is called ‘id’ and it is stored in browsers under the domain doubleclick.net. We use others with names such as _drt_, FLC, NID and exchange_uid." [1]
Wouldn't this mean that only doubleclick.net is used for advertisement tracking?
I just found the basic Firefox setting to disable thirdparty cookies from websites i have not visited. I don't like addons if i have some build in tools. Check the build in settings first and then install addons.
I have all cookies disabled by default, and whitelist the sites I need cookies for.
Periodically I look through the cookies and revise my decisions, or make the whitelisting more specific.
Really, all this is doing is updating the notion of a session cookie to account for the fact that tabbed browsing usage patterns mean that the browser process is usually much longer-lived than your visit to any one site. Browsers have long had the option to make cookies expire at the end of a session.
Upon the first run, without warning, I see this: "If you read this, all of your cookies that are not currently in use just self-destructed. Don't panic. You can undo this if you prefer to keep them for now." . . . "Undeletes happen in batches. If you had a lot of cookies, you might need to restore more batches. Click SDC's icon again. Select Undelete (more) cookies from the menu. Repeat this until you get a notification stating that No more undeletes are possible."
Couldn't the extension have simply asked me once before proceeding with the delete in the first run? Basic usability.