Opened 11 years ago

Last modified 10 years ago

#909 closed defect (Fixed)

Cookie Privacy not restored

Reported by: leviathan
Owned by:
Priority: Low
Milestone:
Component: Applications/Torbutton
Version: 1.2.0rc5
Severity:
Keywords:
Cc: leviathan, arma, mikeperry, mattress
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

My usual configuration of Privacy Setting is "Accept cookies from sites" and "Keep until: I close Firefox". When switching
to tor using torbutton and back again the setting is not restored but reset to the default value "Keep until: they expire".
That's annoying and might be a security risk if the cookies are not strictly separated.

[Automatically added by flyspray2trac: Operating System: All]

Attachments (5)

torbutton-1.2.0-dev.xpi.1 (205.1 KB) - added by mikeperry 10 years ago.
Torbutton 1.2.0-dev r18779 with cookie lifetime fix.
torbutton-1.2.0-dev.xpi.4 (228.5 KB) - added by mikeperry 10 years ago.
Torbutton 1.2.0-dev r18788 with "Ask me every time" fix
torbutton-1.2.0-dev.xpi.5 (225.5 KB) - added by mikeperry 10 years ago.
r18788 but with all locales the same.
torbutton-1.2.0-dev.xpi.6 (194.9 KB) - added by mikeperry 10 years ago.
r18788 with all locales the same and without the stray files.
torbutton-1.2.0-dev.xpi.9 (287.7 KB) - added by mikeperry 10 years ago.
Slight change to disk writing behavior…

Change History (25)

comment:1 Changed 10 years ago by mattress

I am also experiencing this behavior. If Torbutton makes a change to an "important" privacy setting when it is toggled to the "enabled" state (in this case, the cookie "Keep Until:" preference), it should really remember the original setting before it changes it, so that when it is toggled back to the "disabled" state, it can restore the original setting. With the current mode of operation, Torbutton always resets the "Keep Until:" preference to "they expire" when toggling from "enabled" state to "disabled" state, which means that Firefox does *not* delete many cookies when I exit the browser - I have to remember (frequently forget) to manually change the "Keep Until:" cookie preference back to how I want it each time that I toggle Torbutton to "disabled". I do not run with Tor enabled all the time, due to performance considerations (and the fact that it is impolite to run large downloads over Tor). Thanks for creating a great add-on! FF 3.0.6, Torbutton 1.2.0.

Changed 10 years ago by mikeperry

Attachment: torbutton-1.2.0-dev.xpi.1 added

Torbutton 1.2.0-dev r18779 with cookie lifetime fix.

comment:2 Changed 10 years ago by mikeperry

Can you guys give the Torbutton that is in the attachments tab a shot and let me know if it solves the issue?

comment:3 Changed 10 years ago by leviathan

Hi Mike,

seems to work in FF 3.0.7 (german) and 3.1b2 (english) here. The latest stable version didn't run on FF 3.1b2 (was disabled by FF). Many thanks.

comment:4 Changed 10 years ago by mattress

Hi.
Thanks for the hotfix.
However this is only two-thirds fixed. I've found that it only appears to remember the "they expire"
and "I close Firefox" settings.
It does not remember the "ask me every time" setting, and in fact exhibits an odd behavior when using
that setting.

Here are my complete test results, under FF 3.07 (english), with steps in the exact sequence they were
performed:

initially set Keep until: I close Firefox, click OK
enable and disable using Torbutton
result: Keep until: I close Firefox (GOOD)

change to Keep until: they expire, click OK
enable and disable using Torbutton
result: Keep until: they expire (GOOD)


change to Keep until: ask me every time, click OK
enable and disable using Torbutton
result: Keep until: they expire (BAD)

change to Keep until: I close Firefox, click OK
DO NOT enable and disable Tor
change to Keep until: ask me every time, click OK
enable and disable using Torbutton
result: Keep until: I close Firefox (BAD)

change to Keep until: they expire, click OK
DO NOT enable and disable Tor
change to Keep until: ask me every time, click OK
enable and disable using Torbutton
result: Keep until: they expire (BAD)

change to Keep until: I close Firefox, click OK
change to Keep until: they expire, click OK
change to Keep until: I close Firefox, click OK
change to Keep until: ask me every time, click OK
enable and disable using Torbutton
result: Keep until: I close Firefox (BAD)

If "Keep until:" is set to "ask me every time" before Torbutton is used to switch Tor to the enabled
state, Torbutton does not remember the setting - and after Torbutton is used to switch Tor to the
disabled state, the "Keep until:" setting appears to revert to either of "they expire" *or*
"I close Firefox", depending on the "Keep until:" setting that was used immediately *prior* to when
"Keep until:" was changed to "ask me every time" (see sequence in last three examples above).

How strange. Why doesn't it remember the "ask me every time" setting immediately before the toggle?

Cheers.
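
The save-and-restore behaviour requested in comment:1 and exercised by the test sequences in comment:4, as an added JavaScript sketch that is not Torbutton's code. A Map stands in for the Firefox preference service, the `example.*` keys and all function names are hypothetical, and the Tor-side policy value is an assumption; `network.cookie.lifetimePolicy` is the Firefox preference behind "Keep until:" (0 = they expire, 1 = ask me every time, 2 = I close Firefox).

```javascript
// Added illustration, not Torbutton source. A Map stands in for the Firefox
// preference service; the "example.*" keys are hypothetical.
const LIFETIME = "network.cookie.lifetimePolicy"; // real Firefox pref
const POLICY = { EXPIRE: 0, ASK: 1, SESSION: 2 }; // they expire / ask / I close Firefox
const SAVED = "example.saved_nontor_lifetime";    // hypothetical snapshot key
const TOR_ON = "example.tor_enabled";             // hypothetical state flag

function newProfile(policy) {
  return new Map([[LIFETIME, policy], [TOR_ON, false]]);
}

// Behaviour from the original report: toggle-off writes a fixed default.
function disableTorBuggy(prefs) {
  prefs.set(TOR_ON, false);
  prefs.set(LIFETIME, POLICY.EXPIRE);
}

function enableTor(prefs) {
  if (prefs.get(TOR_ON)) return;           // already on: keep the first snapshot
  prefs.set(SAVED, prefs.get(LIFETIME));   // read the live value at toggle time
  prefs.set(LIFETIME, POLICY.SESSION);     // Tor-side policy (assumed for this sketch)
  prefs.set(TOR_ON, true);
}

function disableTor(prefs) {
  if (!prefs.get(TOR_ON)) return;          // nothing to restore
  prefs.set(LIFETIME, prefs.get(SAVED));   // restore any value, including ASK
  prefs.delete(SAVED);
  prefs.set(TOR_ON, false);
}

// Replays "set policy, enable, disable" and returns the resulting policy.
function roundTrip(policy, disable = disableTor) {
  const prefs = newProfile(policy);
  enableTor(prefs);
  disable(prefs);
  return prefs.get(LIFETIME);
}

// Policy changes made before the toggle must not leak into the restore.
function changeThenRoundTrip(policies) {
  const prefs = newProfile(policies[0]);
  for (const p of policies) prefs.set(LIFETIME, p);
  enableTor(prefs);
  enableTor(prefs);                        // double enable must not clobber the snapshot
  disableTor(prefs);
  return prefs.get(LIFETIME);
}
```

The snapshot is taken from the live preference at the moment of the toggle, so the last value the user selected is the one that comes back regardless of what was selected before it.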

comment:5 Changed 10 years ago by mikeperry

So the "Ask every time" isn't exactly compatible with how torbutton handles cookies in all cases. It really only makes
sense if you've set Torbutton to either manually manage cookies or if you are storing your Non-Tor cookies in a jar and
writing them to disk.

It could also conceivably apply to your Tor settings as well, but again only if you were storing Tor cookies in a jar
and writing them to disk.

I'm thinking that is going to get confusing, and I'm thinking about popping up a warning and just saying that the ask
setting is not supported, unless you have a suggestion as to a user-intuitive way that torbutton should behave when
that option is selected in both Tor and Non-Tor.

comment:6 Changed 10 years ago by mikeperry

Actually, I'm going to take my best shot at this and upload a new snapshot. You can tell me if it makes sense to you.

It's going to change some torbutton cookie settings on the fly, which may or may not be surprising to you (and may or may
not be correct.. These codepaths are tricky).

Changed 10 years ago by mikeperry

Attachment: torbutton-1.2.0-dev.xpi.4 added

Torbutton 1.2.0-dev r18788 with "Ask me every time" fix

comment:7 Changed 10 years ago by mikeperry

Ok, try the second attachment (r18788). Please test it thoroughly and check out the interaction with the
Torbutton cookie security settings tab and see if that is all sane.

These two settings are related and I need to keep them synchronized in a way that makes sense and doesn't give
the user a false sense of security with respect to cookies being stored on disk or otherwise persisting. I've
tried to do this in a way that makes sense to me, but maybe it won't make sense to regular users...

Note that the attachment is english-locale only at the moment. Hopefully that isn't a problem.

comment:8 Changed 10 years ago by mattress

Hi Mike,

I tried to install the new attachment, but it will not install. After Firefox restart, Torbutton does not start,
and it does not appear in the list of add-ons. I tried it three times, even after a reboot. Installing the
first attachment still works fine, and Torbutton starts. FF 3.0.7 - it's en-GB locale - I'm not sure if that
makes a difference to the install.

Changed 10 years ago by mikeperry

Attachment: torbutton-1.2.0-dev.xpi.5 added

r18788 but with all locales the same.

comment:9 Changed 10 years ago by mikeperry

Hrmm.. not sure why en-GB would break it because we don't even provide any other english locales other than en-US.

But I've uploaded a new xpi that resets all locales to have the new en-US ones just in case. Can you try that one
and let me know?

comment:10 Changed 10 years ago by mattress

Hi Mike,

The latest attachment doesn't work for me either with FF 3.0.7. I also tried it on another PC running Vista SP1,
with FF 3.0.6 (english), which had never had Tor or Torbutton installed - I installed Tor & Vidalia, and then
the latest attachment - Torbutton did not start, and does not appear in the list of add-ons. The first
attachment (18779) works fine. I'm guessing that whatever changes you put into 18788 cause a problem for the
install. Don't know what platform and version you've successfully tested it on.

If the extra complexity is causing a problem, then I'd be OK with 18779, but I think you'd need to document the
incompatibility with "ask me every time" somewhere, to avoid getting future bug reports from others about that
setting getting changed by the toggle.

What I see with 18779 is that Tor cookies are always handled as "Keep until: I close Firefox" - which seems to
mean that they get deleted when Torbutton toggles it to disabled state - after disabling and re-enabling using
Torbutton, all the cookies from my *previous* Tor session are gone. Others may disagree, but I think that's
acceptable, in which case what I'd look for is to just ensure that the non-Tor cookie setting is re-instated
when Tor is disabled (right now it is only ever reset to "they expire" or "I close Firefox", never to "ask me
every time", as I described in my long comment of March 5th). Just my 2 cents. I accept that it's a lot more
complex than that under the hood!

Thanks for your time.

comment:11 Changed 10 years ago by mikeperry

Oh, I just noticed that the attached torbutton had a file in it that is invalid in windows (I accidentally created the
file '\' while editing). I'm about to attach another torbutton that should fix this.

Please don't go away, in case this problem is something else specific to your system that we'll need to get worked out.
Otherwise the 1.2.1 release might not work for you at all :)

Changed 10 years ago by mikeperry

Attachment: torbutton-1.2.0-dev.xpi.6 added

r18788 with all locales the same and without the stray files.

comment:12 Changed 10 years ago by mikeperry

Ok, just tested it on a windows machine. The fourth one works for me, and the third one did not. Must have been the
stray file.

Please give it a try and let me know what you think with how changing the firefox cookie settings interacts with the
torbutton 'Security Settings->Cookies' tab and general behavior.

comment:13 Changed 10 years ago by leviathan

Seems to work here on a Mac with 3.1b2, english system setting. Cookies are restored and deleted when closing FF. Thanks, very cool! :-)

comment:14 Changed 10 years ago by mattress

Hi Mike,

The latest version installs and runs fine for me now, and it preserves the "ask me every time" setting across
state changes. Thanks!

For completeness, I ran tests to check the value of "Keep until" on toggle from disabled to enabled and back
again. I see some strange behaviour - this is what I see...

initial setting: Keep until: I close Firefox
toggle to enabled
result: Keep until I close Firefox
toggle to disabled
result: Keep until I close Firefox

change to: Keep until ask me every time
toggle to enabled
result: Keep until ask me every time
toggle to disabled
result: Keep until ask me every time

All good so far.

change to: Keep until I close Firefox
toggle to enabled
result: Keep until they expire (changed from the disabled setting - why??)
toggle to disabled
result: Keep until I close Firefox (back to original)

It seems that setting "ask me every time", and then switching back to "I close Firefox" causes Torbutton to
change the setting in "enabled" state to "until they expire", instead of leaving it as "I close Firefox".
This is not something I'd normally do - I only did it to see what would happen when changing the setting
back and forth.

I think you should try the test sequence above, changing the setting, toggle, check the setting to see if it
changed, then toggle back and check it again. I wonder if the state value is getting changed inadvertently by
some other operation, which is perhaps modifying the wrong location? It could be something in the recent changes.

comment:15 Changed 10 years ago by mikeperry

Actually, this is probably due to your Tor Cookie settings. Can you let me know what those are set to? You
probably have "Don't write Tor cookies to disk" unchecked. Which means your Tor cookies will get written to
disk, and will be kept until they expire.

comment:16 Changed 10 years ago by mattress

The reason why the behaviour I described in my last message was happening was because I had "Store both Tor
and Non-Tor cookies in protected jars (dangerous)" set. I have no idea how this came to be set - possibly by
one of the earlier attachments? I don't recall setting it, but I guess I could have done at some point.

Anyway, *if* that option is set, *and* the cookie preference is changed to "ask me every time", then Torbutton
*automatically* un-checks "Do not write Tor cookies to disk" - and it *leaves* it un-checked, even when the
cookie preference is changed back to either "I close Firefox" or "ask me every time". If Torbutton is then
used to toggle to enabled state, the cookie preference in enabled state is always set to "they expire", as I
described, even when the cookie preference in disabled state is "I close Firefox".

Anyway, I've restored the Torbutton settings to the Default, and with that setting it all hangs together
properly.

Thanks for all your help with this Mike!

comment:17 Changed 10 years ago by mattress

Correction: in my previous comment, where I wrote:

cookie preference is changed back to either "I close Firefox" or "ask me every time".

I actually meant this:

cookie preference is changed back to either "I close Firefox" or "they expire".

comment:18 Changed 10 years ago by mikeperry

Yeah, this is where it starts to get sticky. Depending on what you change that pref to during non-tor and tor
usage, different users are going to expect different things, depending on what they've set their tor prefs to,
and the current tor state. It has to be set to write cookies to disk when you are asked, because if you want
to keep a cookie, it needs to be written..

I've changed it a bit so that if you change it to "I close firefox" during Non-Tor, then both write-to-disk
settings should get disabled.. But if you change it during Tor usage, it only affects the Tor-side cookie prefs.

The new addon is attached.

Changed 10 years ago by mikeperry

Attachment: torbutton-1.2.0-dev.xpi.9 added

Slight change to disk writing behavior...

comment:19 Changed 10 years ago by mattress

Verified the new attachment as working correctly. Thanks!

comment:20 Changed 10 years ago by mikeperry

flyspray2trac: bug closed.
Hurray! Will appear in 1.2.1
