Opened 4 years ago

Closed 14 months ago

#18681 closed enhancement (invalid)

Include and activate "Self-Destructing Cookies" Firefox add-on by default in TBB

Reported by: cypherpunks
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Very relevant, extremely compact (<100kB), GPLv2 Firefox add-on that does not negatively affect clickprint (I think). Purges cookies from closed tabs after a specified number of seconds (default is 10 I believe). Can optionally display a small notification of this purging event, which I disable.

https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/

I think that bundling this Add-On would be a big win for Tor Browser users and for privacy online.

Questions:

  1. How does it behave between "Private Browsing"/"Never remember history" mode and normal browsing mode? In Firefox? In Tor Browser?
  2. Are there any meaningful ways that this could create a UX problem? Obviously "Undo Close Tab" might suffer on a small minority of websites (probably VERY small), but this "problem" is not necessarily out of users' expectations anyway.
  3. Are there any meaningful ways that this could be a privacy problem a la Panopticlick? "Normal" web browsers obviously soak up tracking cookies with abandon. One potential problem situation would be, say, on an e-commerce website, where a user adds items to their Cart and is identified both by cookie(s) and a unique coded URL, and they close the tab, then do Undo Close Tab back to their unique URL. That is obviously unusual behavior for a browser, from the site's perspective, but then, so is coming from a known Tor Exit Node. As long as all Tor Browser users behave more or less consistently, it shouldn't be a problem (akin to window size profiling issues). And even in edge cases, an adversary is not provided with many data points that can correlate or extrapolate to other websites or browser tabs readily.

With those questions in mind, I remain convinced that this would be a highly beneficial add-on to include in Tor Browser.

Action items:

  1. Test the behavior of the Self-Destructing Cookies add-on in Tor Browser, in both History-saving mode and Never Remember History mode. Compare add-on notifications against local cookie jar directly (verify purging).
  2. Brainstorm and seek out meaningful examples of when this behavior might negatively affect UX or user privacy. I cannot conceive of many, if any.
  3. Make sure the thing doesn't actually try to use the network itself, or if it does, that it respects SOCKS and fails closed.
  4. What do other people think? Is this actually a terrible idea for some reason?
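
One way to run the "compare against the local cookie jar" check from the first action item, as an added example that is not part of the original ticket or the add-on's code: the script reads the `moz_cookies` table from a copy of the profile's `cookies.sqlite` and lists cookies that belong only to closed tabs yet are still present. The function names, the sample hosts and the `open_tab_hosts` exclusion (cookies still used by an open tab are not counted as leftovers) are assumptions; the check only applies to history-saving mode, because private-browsing cookies are held in memory and never reach the file.

```python
import os
import sqlite3
import tempfile

def cookie_applies(cookie_host, tab_host):
    # Firefox stores domain cookies with a leading dot, host-only ones without.
    if cookie_host.startswith("."):
        domain = cookie_host[1:]
        return tab_host == domain or tab_host.endswith("." + domain)
    return cookie_host == tab_host

def unpurged_cookies(db_path, closed_tab_hosts, open_tab_hosts=()):
    """Return sorted (host, name) pairs that belong to closed tabs only
    and are still present in the jar after the purge delay."""
    con = sqlite3.connect(db_path)
    try:
        rows = con.execute("SELECT host, name FROM moz_cookies").fetchall()
    finally:
        con.close()
    leftovers = []
    for host, name in rows:
        closed = any(cookie_applies(host, h) for h in closed_tab_hosts)
        in_use = any(cookie_applies(host, h) for h in open_tab_hosts)
        if closed and not in_use:
            leftovers.append((host, name))
    return sorted(leftovers)

def build_sample_jar(path):
    # Constructed sample data; the real moz_cookies table has more columns.
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE moz_cookies (host TEXT, name TEXT, value TEXT)")
    con.executemany("INSERT INTO moz_cookies VALUES (?, ?, ?)", [
        (".shop.example", "session", "a1"),
        ("cart.shop.example", "cart_id", "b2"),
        ("news.example", "prefs", "c3"),
        (".tracker.example", "uid", "d4"),
    ])
    con.commit()
    con.close()

def demo(open_tab_hosts=("news.example",)):
    # Snapshot taken after closing the cart.shop.example tab and waiting.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "cookies.sqlite")  # stand-in for a copied jar
        build_sample_jar(path)
        return unpurged_cookies(path, ["cart.shop.example"], open_tab_hosts)

if __name__ == "__main__":
    print(demo())
```

Run it against a copy of `cookies.sqlite` rather than the live file, since the browser keeps the database open while it is running.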

Change History (3)

comment:1 Changed 4 years ago by teor

Can the website use the add-on to obtain the time when cookies disappear?
(Perhaps by sending repeated requests, or executing client-side script?)
This could lead to time-based attacks.

comment:2 Changed 4 years ago by cypherpunks

From the FAQ at https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/

Q: The add-on does not work in private browsing mode.
A: Some parts of Firefox are off-limits for add-ons while you are in private browsing mode. This includes the cookie jar for example. There's nothing I can do about this, sorry.

Tor Browser uses permanent private browsing mode by default, so this extension would be useless.

comment:3 Changed 14 months ago by traumschule

Resolution: invalid
Status: new → closed

This add-on is not compatible with your version of Firefox.
Not compatible with Firefox Quantum