

Self-Destructing Cookies – add-on for Firefox - eridal
https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/

======
dotmanish
Please make this _non-shocking_ for non-geeks.

Upon the first run, without warning, I see this: " _If you read this, all of
your cookies that are not currently in use just self-destructed. Don 't panic.
You can undo this if you prefer to keep them for now._" . . . " _Undeletes
happen in batches. If you had a lot of cookies, you might need to restore more
batches. Click SDC 's icon again. Select Undelete (more) cookies from the
menu. Repeat this until you get a notification stating that No more undeletes
are possible._"

Couldn't the extension have simply _asked_ me once before proceeding with the
delete in the first run? Basic usability.

~~~
BoppreH
Funny you mention it as basic usability. The story on the home page with most
points is about usability and they explicitly recommend using undos instead of
confirmations: [http://goodui.org/#8](http://goodui.org/#8)

~~~
FuzzyDunlop
They recommend doing that when the user "presses an action button or link".
This is not the same as launching a browser extension.

Blindly following some person's recommendations doesn't even close to having
good UI (or UX). eg. Opting for no confirmation and providing an undo option
is an absolutely terrible idea for a 'format disk' button in an OS installer.

------
ove
I'm the author of that add-on. Maybe I can add to the discussion by outlining
my motivation for writing SDC. I'm currently in the process of compiling the
results of an automated crawl of thousands of popular sites that I did last
month. I think that every www user should be aware of this:

\- The privacy model of browsers relies on the same-origin policy. The same
origin policy is in practice routinely circumvented by active identifier
sharing. The difference between 1st party identifiers and 3rd party
identifiers has become meaningless.

\- Self-Destructing Cookies is a proof of concept for a model that _actively
derives_ the minimum set of identifiers that you need to browse the web at any
given moment. This is a possible workaround for a world without the same-
origin policy.

\- Cache abuse is rampant. The cache must be considered a store of identifying
tokens. If you use SDC, you should _definitely_ enable the automatic cache
cleaning. Set the timeout to 3 minutes or so. Remember that identifiers are
frequently shared. It only takes a single party to identify you from something
they put in your cache.

~~~
mike-cardwell
Tracking by abusing the cache is a serious problem. I've written about it
before:
[https://grepular.com/Preventing_Web_Tracking_via_the_Browser...](https://grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache)

I simply turned off disk and memory caching in Firefox (details in link above)
and have been running this way for nearly two years. Browsing the web with
cache is not as efficient, but with my ~8Mbit Internet connection,
practically, I don't really notice any difference.

To get around the tracking issues, ideally, browsers would cache content, but
it would be keyed on the domain in the address bar as well as the url of the
content being cached. Also, content should be wiped from the cache when you
leave the site it is linked to, ie there are no more tabs with the site open.

~~~
Amadou
I am thinking that the RequestPolicy add-on would practically eliminate cache-
based tracking by simply blocking all requests to unnecessary 3rd party sites.
I would appreciate hearing your analysis of it.

[https://www.requestpolicy.com/](https://www.requestpolicy.com/)

~~~
mike-cardwell
I am an avid RequestPolicy user. In fact, you'll find my name on
[https://requestpolicy.com/about.html](https://requestpolicy.com/about.html)

RequestPolicy would help against this sort of attack when performed cross-
site. However, there is still a leak if a site can identify that you're the
same user they previously saw. RequestPolicy wouldn't help against this as
it's not cross-site.

------
dotmanish
Here is how I am using this:

1\. Install the add-on.

2\. Panic that it has deleted all "not open now" websites' cookies.

3\. Choose the option to "Suspend Operation" via the add-on icon.

4\. Repeatedly "Undelete" all cookies until it's all done.

5\. Keep the add-on suspended.

6\. Now, for the next few days, I will browse like normal, but will remember
to "whitelist" the websites I like to stay logged-in (Hacker News, Webmail,
etc.) by clicking on the add-on icon. Remember, it is still "Suspended".

7\. After a few days of usage (and when I've re-visited enough number of my
regular websites), I will "Resume Operation" on the add-on, where it can start
destroying the rest of the cookies like anything.

I think the "Training Period" above in point 6 should have been by default.
Somehow.

~~~
ove
Thank you for your feedback. I agree that the first-run experience makes for
quite the adventure. Until a few months ago, I also considered the idea of
starting the add-on in a paused state a no-brainer. After supporting my add-on
for some time, however,I'm not so sure about that any more. There's a huge
portion of users (probably not HN readers) that would not realize that the
add-on is paused. Pop-ups, etc. only go so far. It's really about managing
expectations and expectation mismatches. I hope that the portion of users who
care about their pre-existing cookies overlaps with the portion of users who
read the "What just happened to my cookies" blurb that pops up. I haven't had
too many angry complaints since I added the undelete feature, so it might be
working.

~~~
medde
Maybe you could show a popup, only once after the addon is activated, with a
list of the most popular websites and a check-box that could be checked if you
want to keep current and future cookies for any selected one? and maybe a
search box to add non-common ones

------
greenyoda
There's another nice cookie manager for Firefox called Cookie Monster:

[https://addons.mozilla.org/en-US/firefox/addon/cookie-
monste...](https://addons.mozilla.org/en-US/firefox/addon/cookie-monster)

It allows you to maintain a white-list of sites that are allowed to set
cookies and allows you to pick whether the cookies the site sets are
persistent or discarded at the end of the current browser session.

~~~
mehrzad
...which is a built-in Firefox feature.

~~~
wtallis
... a built-in Firefox feature with an epically bad UI. If you set Firefox to
ask whether to accept cookies from a domain and whether to keep them beyond
the end of the session, you get asked _per cookie_ not per domain the first
time you visit a site. And FF presents the questions that pop up in a stack of
modal dialog boxes, potentially _dozens_ , and sometimes they appear out of
order so you have to dig around to find the one that's willing to accept a
click, which can be difficult on account of them all being modal.

------
malandrew
Add a feature where the plugin collects all cookies that are commonly blocked
and then shares that info back to a server. With that info that plugin can get
a list of all the cookies on a page and query the server to rank those cookies
from most blocked to least blocked.

This way users of this plugin can rely on the wisdom of the crowds to quickly
see which cooks people who know better commonly block.

Should every user look over the entire list of cookies on a site? Yes, in an
ideal world. But since that isn't realistic, the best we can do is present
them with those they will mostly likely want to block right at the top.

~~~
benologist
Ghostery does that although I'm not sure if they share that data back.

~~~
malandrew
I reckon it could be stored and shared via a distributed hash table such as
Kademlia. This has the advantage of anonymizing the data. When your computer
connects to mine to get rankings for a site, it doesn't know if data I provide
is based on my decisions or the aggregate decisions of millions of people.

[http://en.wikipedia.org/wiki/Kademlia](http://en.wikipedia.org/wiki/Kademlia)

------
Udo
Cookie handling doesn't need to be this complicated. A huge part of the
solution would be if third-party cookies simply stopped working by default.
Sure, there are a lot of big corporate interests preventing this from
happening, but if you think about it there is really almost no legitimate use
for them that benefits the users.

On a related note, Chrome has a setting that simply kills all the cookies when
the browser is shut down. The price is having to log into everything all over
again, but it's not that much of a hassle in exchange for a clean plate every
morning.

~~~
icebraining
Firefox has the same setting, the problem is that many of us don't want to
restart the browser every morning. Using suspension, my browser sessions tend
to last more than a month.

------
simpleglider
Are there any comparable plugins for Chrome or Safari?

~~~
thomas-st
Chrome: I use Vanilla Cookie Manager.
[https://chrome.google.com/webstore/detail/vanilla-cookie-
man...](https://chrome.google.com/webstore/detail/vanilla-cookie-
manager/gieohaicffldbmiilohhggbidhephnjj)

Would be interested in something comparable for Safari. Anyone?

~~~
cypherpunks01
Vanilla Cookie Manager is amazing - I'd highly recommend it.

------
brownbat
I'm really stunned by the amount of development on the tracking side.

Cookies, flash cookies, evercookies, local storage, favicons, browser
fingerprinting... I'm sure there are several others.

It's stunning to me because the amount of redundant ammunition available for
trackers seems way out of proportion to how many people actually know anything
about this.

~~~
amenod
It's not (only) about that. These techniques are often used to help
advertisers combat click fraud, so it's important to distinguish the users
that just disable cookies (because they heard they are harmful) and those that
are trying to skew the click-through rates. A few years ago Google boasted
that they catch 99.97 % of click fraud on time, and I personally believe them.

Note that I am not trying to justify these techniques.

------
amrit_b
If this is added to the core (and simplified as mentioned by dotmanish), it
can eradicate the chrome fever for good. The same reason why people are using
DDG these days(btw, I do. for all my searches other than blockers while
coding).

~~~
awolf
People use Chrome because it's better than Firefox. Much better.

~~~
wtallis
Chrome sure as hell isn't better than Firefox when it comes to security or
privacy or even ad blocking.

------
treenyc
Doesn't seem to work to prevent evercookie? Anyone know a way to do that?

[http://samy.pl/evercookie/](http://samy.pl/evercookie/)

~~~
koala_advert
[https://addons.mozilla.org/en-
US/firefox/addon/betterprivacy...](https://addons.mozilla.org/en-
US/firefox/addon/betterprivacy/)

------
spindritf
> 3rd party cookie prevention is easily defeated. Sign in to Google, for
> example. You are now the proud owner of a YouTube cookie. The videos you
> view will now be linked to your account.

I'm signed into Google almost all the time and YouTube still shows "Sign in."
Re-checked right now.

Third party cookie protection seems to be working fine. It's Firefox 22 with
accept third-party cookies set to never.

~~~
ove
that was my favourite test case when i developed the add on. I'm on the road
now, so I can't verify if they still do it. it might depend on you having a
YouTube account linked to your Google account. The technique I'm referring to
involves redirecting you across other domains, allowing them to set 1st party
cookies, and then back. this happens in an instant and "feels" like a 3rd
party cookie to the user, because he does not even realize this happened. the
browser will treat it as a 1st party cookie however.

------
zobzu
This is pretty cool. Yeah that's not exactly useful feedback but I just wanted
to give you a thumbups that is more than clicking the arrow up :P

------
k_bx
As I understand -- I'll have to sign in to every website I visit each time?
(or manage white-list) Well, then it seems like a not a fit for me.

But still, thanks for reminding that I can disable 3rd-party cookies -- I just
did that for my firefox.

~~~
teeja
It needs to have 1st-party cookies enabled in FF for all sites. Now you're
setting cookies on visits that you might not have if you'd used a whitelister
only. (I sometimes visit Google and YT w/out needing any.)

My buddy Cookie Whitelist has let me decide when I need them on temporarily
for years. They're not auto-deleted until session-end, but since I've turned
off access, doesn't matter.

I _do_ like the cache-emptying feature. Decided to try what another writer
suggested, turn disk and memory caching off.

------
dotmanish
What looks to me as a counter-feature is that if I'm logged in to GMail, and
want to stay logged-in, I have to whitelist the "google.com" cookies.

Wouldn't that allow all the Adwords tracking cookies as well, across sites?

~~~
stormbrew
I wonder if a better (if probably impractical approach for in a plugin)
approach would be to scope off-site cookies to the containing page's domain.
So an ad network's cookies on facebook.com wouldn't be shared with them on
google.com. This would eliminate a lot of the "follow you around the internet"
privacy issues without forcing manual configuration.

~~~
hayksaakian
So... Blocking third party cookies?

I thought there was a big fuss about FF doing this by default or something.

~~~
stormbrew
Slightly different, really, though maybe in practice for a lot of current uses
of it, it comes out to the same thing. Scoping, though, not blocking.

------
axelfreeman
I just found the basic Firefox setting to disable thirdparty cookies from
websites i have not visited. I don't like addons if i have some build in
tools. Check the build in settings first and then install addons.

------
linuxhansl
I have _all_ cookies disabled by default, and whitelist the sites I need
cookies for. Periodically I look through the cookies and revise my decisions,
or make the whitelisting more specific.

------
corwinstephen
Clever idea... makes me wonder why no one came up with this in the past?

~~~
vmarsy
There is some equivalent for the LSO Flash cookies :
[https://addons.mozilla.org/en-
US/firefox/addon/betterprivacy...](https://addons.mozilla.org/en-
US/firefox/addon/betterprivacy/)

