MozillaZine

[Ext] Cookies Exterminator

JustOff

Posts: 56
Joined: February 13th, 2014, 4:23 am

Post Posted November 3rd, 2016, 9:39 am


Cookies Exterminator automatically erases cookies and localStorage objects when they are no longer used by open browser tabs. You don't need to use any blacklists or be concerned about whether they are up to date - the unwanted data will be removed on the fly. This will help to defend the browser from the best-known tracking techniques used on the web and to increase privacy.

Cookies Exterminator is written in pure JavaScript without the SDK and has no scheduled background tasks, so it runs fast, uses little memory and can be installed in Firefox, SeaMonkey or Pale Moon. If you have used the Self-Destructing Cookies addon, white and grey lists will be automatically imported from it on first run.

Full description is on AMO.

streetwolf

Posts: 2093
Joined: August 21st, 2011, 8:07 am
Location: NJ (USA)

Post Posted November 3rd, 2016, 11:15 am

Works very well. I was a user of SDC but that stopped working for me a while back. I hope you plan on making a Web Extensions version.
Intel i7 Quad Core 3770K @ 5Ghz|ASUS P8Z77-V Deluxe|Corsair 1050W PSU|Corsair H100iV2 CPU Cooler|Corsair 16GB RAM|Sapphire Nitro R9 390 8GB|DUAL ASUS PA249Q IPS 24" LCDs|Samsung SSD 830, 840 256GB|2TB Seagate|Windows 10 Pro x64|AMD Crimson 17.10.1|FIOS 1Gb Internet

JustOff

Posts: 56
Joined: February 13th, 2014, 4:23 am

Post Posted November 3rd, 2016, 4:35 pm

Thank you! Let's first survive the e10s)

streetwolf

Posts: 2093
Joined: August 21st, 2011, 8:07 am
Location: NJ (USA)

Post Posted November 3rd, 2016, 5:59 pm

I think CE isn't clearing out Local storage. I'm assuming that local storage is at "C:\Users\garys\AppData\Roaming\Mozilla\Firefox\Profiles\bmiy16r2.default\storage\default". At the moment I have an entry for weather.com. The folder is https+++weather.com. weather.com isn't on my whitelist. The cookie in cookies.sqlite is being deleted.

CCleaner has a cookie viewer and it displays it has a cookie. It deletes the cookie too when I clean.

JustOff

Posts: 56
Joined: February 13th, 2014, 4:23 am

Post Posted November 4th, 2016, 2:32 am

Local storage data is in the <profile folder>/webappsstore.sqlite file, and <profile folder>/storage/* points to different storages: IndexedDB, asm.js cache and Cache API. Cookies Exterminator currently handles only cookies and localStorage, so yes, there is room for improvements.

UPD: You can use Web Storage Viewer to view both localStorage and Cookies.

ltcomdata
New Member
 
Posts: 1
Joined: November 28th, 2016, 8:28 pm

Post Posted November 28th, 2016, 8:43 pm

A bug/improvement request. (I am using Pale Moon, in case that is relevant). Some websites send you to a different website in order to complete a purchase transaction. Then the second website returns you to the first website to confirm your transaction. But CE deletes the cookies of the original website before you are returned. This results in the original website not recognizing you at all, much less acknowledging that you ordered and paid for service. Self-Destructing Cookies didn't seem to have this problem. I don't know how they got around it: knowing that they had to keep the cookies of the original website until after the secondary website returned you to the primary. It was a nifty feature of SDC, which I hope CE can duplicate/implement.

Thanks!

JustOff

Posts: 56
Joined: February 13th, 2014, 4:23 am

Post Posted November 29th, 2016, 8:20 am

In order to support cross-site transactions SDC keeps cookies for the last 5 sites from history in each tab. This leads to preserving unobvious cookies that you can't easily track, but which can track you. Imagine you looked for something with Google and then opened a link from the search results in the same tab. After that your browser is poisoned by Google until you have closed that tab or walked across 5 different sites.

CE intentionally acts otherwise, and for cross-site transactions I recommend using private tabs or windows.

gfhfgfdfdh
 
Posts: 10
Joined: March 21st, 2011, 1:01 pm

Post Posted November 29th, 2016, 11:14 am

streetwolf wrote: Works very well. I was a user of SDC but that stopped working for me a while back. I hope you plan on making a Web Extensions version.


SDC stopped working for you? For me it still seems to work fine in Firefox 50 - please tell details.

@JustOff:

Maybe there could be a blacklisting or whitelisting approach to this? Do SDC and CE not delete cookies of private tabs at all?

JustOff

Posts: 56
Joined: February 13th, 2014, 4:23 am

Post Posted November 29th, 2016, 1:37 pm

gfhfgfdfdh wrote: Maybe there could be a blacklisting or whitelisting approach to this?

Too many lists will only confuse, imho. Much easier to open a private tab/window or even temporarily disable active mode.

gfhfgfdfdh wrote: Do SDC and CE not delete cookies of private tabs at all?

Yes and it's mentioned in the descriptions of both.

Prekkis
 
Posts: 8
Joined: December 9th, 2016, 6:12 am

Post Posted December 9th, 2016, 7:29 am

I'm trying to decide which addon I could use for automatic cookie cleaning and your addon is one of them. A few questions came up:

  1. You state in the addon description the following: "Cookies Exterminator can't remove cookies when privacy option in browser is set to custom settings for history and custom policy for cookies is enabled."

    I have "custom settings for history" enabled, "accept cookies from sites" enabled, "accept third-party cookies" set to NEVER, and "keep until" set to THEY EXPIRE. And no cookies "Exceptions" set.

    Everything seems to work just fine with your addon. Not whitelisted/open sites cookies/LocalStorage is cleared automatically after the delay I have set. Have I understood something incorrectly?

  2. Can I ask why your addon version history starts at version 2.7.4?

  3. I like that you have the whitelist in "prefs.js" file and not in "Exceptions". This allows the user to clear "Site preferences" automatically when Firefox closes (clearing site preferences deletes also cookies exceptions, SDC addon uses "Exceptions/site permissions" for the whitelist and thus I can't use it if I want to clear "site preferences" on exit). Is it going to be like this for the future or are you planning to change the whitelist save location/system?

  4. Are you planning to add "<profile folder>/storage/*" clearing to your addon, or create another addon? A simple addon which could clear ALL the myriad "storage" systems baked into browsers nowadays would be great. Currently I don't know how to clear that storage automatically (haven't had the time to find out yet because I've been fighting with cookies/localStorage/HSTS "supercookies" cleaning).. or whether it can be disabled completely, or is it even "safe" to disable it.

  5. About the "cross-site transactions" issue, I personally would have liked the SDC addon approach. But, I think I could just set the delay in your addon to 300 seconds (5 minutes) and I think that everything will work out just fine. 5 minutes is more than enough for cross-site transactions, well at least to those I use, mainly Paypal. And I think that the 5 minutes to keep old cookies is not that bad at all, it's marginal what tracking those cookies could do in that time. Do you find any problems in my approach?

  6. Hiding the addon icon completely from any toolbar/whatever doesn't seem to affect the functioning of the addon, am I right?

  7. You say that LocalStorage is stored in "webappsstore.sqlite" file. How come mine is ~83MB big and never seems to shrink even though I completely empty localStorage, or have only few sites stored?

  8. Are you planning to add cleaning of "HSTS supercookies"?

    Here are a few links about HSTS:
    http://www.radicalresearch.co.uk/lab/hstssupercookies/
    https://nakedsecurity.sophos.com/2015/0 ... -security/

    The HSTS standard is poorly created and it allows fingerprinting/tracking users by creating unlimited subdomain "pins", and it even allows all websites to "read" current stored domain pins, which essentially means that any website can at least make an approximation of the user's browsing history. I can't believe that browsers allow reading other than originating domain "pins" from the storage. Or adding unlimited subdomain "pins". It's unbelievable sloppiness.. from the approved standard and from browser vendors. How did the HSTS standard go through even if there were loopholes for domains to spy on the user? HSTS was supposed to be enhancing security. Now it allows yet ANOTHER method for tracking/fingerprinting and even snooping out some browsing history. The HSTS "supercookies" are stored in the "SiteSecurityServiceState.txt" file in the user's profile folder.

  9. What kind of storage is the "Offline Web Content and User Data" in Firefox\advanced\network preferences? I have "Tell me when a website asks to store data for offline use" checked, but Firefox has NEVER asked anything regarding this, yet occasionally I check out the preference page and I see that some sites have stored something! I was not asked to allow. It's madness. Could your addon clean/prevent also these?

  10. And for the last, I think I found a bug in your addon. It seems that the delay feature is not working properly. I did this test:

    Addon delay setting used: 300 seconds (5 minutes).
    1) Opened 2 sites that I have not browsed into, nor have them opened in other tabs, nor have any previous cookies from them, yahoo.com and bbc.com, and checked that both added cookie(s).
    2) On exactly 15:59:00 (+-2 sec) I closed bbc.com tab.
    3) On exactly 16:01:00 (+-2 sec) I closed yahoo.com tab.
    4) Waited doing nothing in Firefox in between any of these steps.

    = eventually your addon popped up a message: 16:02:36 - yahoo.com, bbc.com (I confirmed that both cookies were removed after that message)

    There seem to be at least 2 bugs present here:
    1) The 300 second delay was NOT followed, the first cookie deletion happened after 3 minutes and 36 seconds, which is 216 seconds.
    2) Both cookies were deleted at the same time, which means that for the last closed tab (yahoo.com) the delay was only 1 minute and 36 seconds (96 seconds).

    Is this expected behavior?

Prekkis
 
Posts: 8
Joined: December 9th, 2016, 6:12 am

Post Posted December 10th, 2016, 8:51 am

About the bug in point 10, it's really bad, just tried with eBay/Paypal, as soon as I moved from eBay site to Paypal, it took about 1-3 seconds for your addon to remove my eBay cookies. The delay setting doesn't work at all. It's all very random when cookies/localStorage are being removed, sometimes the cookies are removed instantly when closing tab, sometimes it takes 1-5 minutes (with my 300 seconds delay setting). Please fix so that every cookie lasts the amount the delay setting is set after a tab is closed. Thanks.

JustOff

Posts: 56
Joined: February 13th, 2014, 4:23 am

Post Posted December 10th, 2016, 10:24 am

Prekkis wrote: 1. You state in the addon description the following: "Cookies Exterminator can't remove cookies when privacy option in browser is set to custom settings for history and custom policy for cookies is enabled." I have "custom settings for history" enabled, "accept cookies from sites" enabled, "accept third-party cookies" set to NEVER, and "keep until" set to THEY EXPIRE. And no cookies "Exceptions" set. Everything seems to work just fine with your addon. Not whitelisted/open sites cookies/LocalStorage is cleared automatically after the delay I have set. Have I understood something incorrectly?

You are the second one who reported that. I definitely had some problems when I tried to use "custom settings for cookies and history" mode during addon development, but I can't reproduce any of them now. Possibly it's not an obstacle anymore.

Prekkis wrote: 2. Can I ask why your addon version history starts at version 2.7.4?

It just turned out that way)

Prekkis wrote: 3. I like that you have the whitelist in "prefs.js" file and not in "Exceptions". This allows the user to clear "Site preferences" automatically when Firefox closes (clearing site preferences deletes also cookies exceptions, SDC addon uses "Exceptions/site permissions" for the whitelist and thus I can't use it if I want to clear "site preferences" on exit). Is it going to be like this for the future or are you planning to change the whitelist save location/system?

I have no plans to change anything in this part.

Prekkis wrote: 4. Are you planning to add "<profile folder>/storage/*" clearing to your addon, or create another addon? A simple addon which could clear ALL the myriad "storage" systems baked into browsers nowadays would be great. Currently I don't know how to clear that storage automatically (haven't had the time to find out yet because I've been fighting with cookies/localStorage/HSTS "supercookies" cleaning).. or whether it can be disabled completely, or is it even "safe" to disable it.

I have no plans for that.

Prekkis wrote: 5. About the "cross-site transactions" issue, I personally would have liked the SDC addon approach. But, I think I could just set the delay in your addon to 300 seconds (5 minutes) and I think that everything will work out just fine. 5 minutes is more than enough for cross-site transactions, well at least to those I use, mainly Paypal. And I think that the 5 minutes to keep old cookies is not that bad at all, it's marginal what tracking those cookies could do in that time. Do you find any problems in my approach?

Sorry for the confusion, but I should probably change the name of this option from "Delay before cleaning" to "Maximum delay before cleaning". And no, you can't rely on cookies being kept for this period.

Prekkis wrote: 6. Hiding the addon icon completely from any toolbar/whatever doesn't seem to affect the functioning of the addon, am I right?

Yes, you are right.

Prekkis wrote: 7. You say that LocalStorage is stored in "webappsstore.sqlite" file. How come mine is ~83MB big and never seems to shrink even though I completely empty localStorage, or have only few sites stored?

I have never had such problems; try to dig inside with SQLite Manager.

Prekkis wrote: 8. Are you planning to add cleaning of "HSTS supercookies"?

Prekkis wrote: 9. What kind of storage is the "Offline Web Content and User Data" in Firefox\advanced\network preferences? I have "Tell me when a website asks to store data for offline use" checked, but Firefox has NEVER asked anything regarding this, yet occasionally I check out the preference page and I see that some sites have stored something! I was not asked to allow. It's madness. Could your addon clean/prevent also these?

I have no plans for that.

Prekkis wrote: 10. And for the last, I think I found a bug in your addon. It seems that the delay feature is not working properly. [...] Is this expected behavior?

See the answer to question 5 above.

Prekkis
 
Posts: 8
Joined: December 9th, 2016, 6:12 am

Post Posted December 10th, 2016, 11:19 am

So how does the "delay" actually work? I don't understand "Maximum delay before cleaning". Obviously the delay isn't working like that it always waits the set delay and then cleans all that has to be cleaned. I can see clean-up messages many times during the delay time, e.g. in 5 minutes I can see many clean-ups (w/ 300sec delay setting).

And you are not going to change this behavior? IMO it would be great if the delay would apply to a single cookie/localStorage and not like now when it's just random. Why is there even a delay setting if the delay is just random? And it is just that as I've witnessed today using Firefox, completely random. I don't see any use for the setting as it is now.

Unfortunately this behavior is not good and I can't use your addon. Please consider enhancing the delay feature to something much more usable. Thank you.

JustOff

Posts: 56
Joined: February 13th, 2014, 4:23 am

Post Posted December 10th, 2016, 1:10 pm

Let me explain the logic. Every time a cookie arrives it is cleaned immediately if it is neither protected by exception lists nor used by any tab. Next, when you close a tab or go to a new domain within an existing tab, a verification is planned with the given delay. Every verification tries to clean all existing unprotected cookies. So if you close one tab and a verification is scheduled in 5 minutes, and then you close another tab during those 5 minutes, all unprotected cookies will be cleaned when the first verification runs. The delay value is only about how often the cleaning job runs (CPU load control) and not about the guaranteed time to keep cookies.

Such an algorithm was never intended to be used for cross-domain transactions, so unfortunately you should consider using private windows/tabs or look for an alternative addon.
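
The scheduling logic described in the post above, replayed against the timings reported earlier in the thread, as an added model that is not part of the thread and not Cookies Exterminator's source. The class and method names, the `start.example` page and the 15:57:36 navigation that triggers the first check are assumptions; the thread does not say what scheduled the 16:02:36 verification.

```javascript
// Added model (not Cookies Exterminator source) of the logic described above.
const hms = s => s.split(":").reduce((acc, n) => acc * 60 + Number(n), 0);

class CleanerModel {
  constructor(delaySec, whitelist = []) {
    this.delay = delaySec;
    this.whitelist = new Set(whitelist);
    this.tabs = new Map();     // tabId -> domain currently shown
    this.cookies = new Set();  // domains that currently hold cookies
    this.pending = [];         // times of scheduled verifications
    this.log = [];             // [{ time, removed: [domains] }]
  }
  isProtected(domain) {
    return this.whitelist.has(domain) || [...this.tabs.values()].includes(domain);
  }
  // Run every verification due by `now`; each one sweeps ALL unprotected cookies.
  advance(now) {
    this.pending.sort((a, b) => a - b);
    while (this.pending.length && this.pending[0] <= now) {
      const time = this.pending.shift();
      const removed = [...this.cookies].filter(d => !this.isProtected(d)).sort();
      removed.forEach(d => this.cookies.delete(d));
      if (removed.length) this.log.push({ time, removed });
    }
  }
  setCookie(now, domain) {
    this.advance(now);
    if (this.isProtected(domain)) this.cookies.add(domain);
    else this.log.push({ time: now, removed: [domain] }); // cleaned on arrival
  }
  // Open a tab or navigate it; leaving a domain schedules a verification.
  show(now, tabId, domain) {
    this.advance(now);
    const prev = this.tabs.get(tabId);
    this.tabs.set(tabId, domain);
    if (prev !== undefined && prev !== domain) this.pending.push(now + this.delay);
  }
  closeTab(now, tabId) {
    this.advance(now);
    this.tabs.delete(tabId);
    this.pending.push(now + this.delay);
  }
}
// Replay of the test from the thread; the 15:57:36 navigation is an assumed trigger.
function replayReportedTest() {
  const m = new CleanerModel(300);
  m.show(hms("15:57:00"), 1, "start.example"); // constructed starting page
  m.show(hms("15:57:36"), 1, "bbc.com");       // schedules a check for 16:02:36
  m.show(hms("15:57:40"), 2, "yahoo.com");
  for (const d of ["bbc.com", "yahoo.com"]) m.setCookie(hms("15:57:45"), d);
  m.closeTab(hms("15:59:00"), 1);              // schedules 16:04:00
  m.closeTab(hms("16:01:00"), 2);              // schedules 16:06:00
  m.advance(hms("16:10:00"));
  return m.log;
}
```

In this model the only sweep that removes anything is the one scheduled first, so a domain's cookies survive for at most the configured delay after its tab closes and often for much less.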

Prekkis
 
Posts: 8
Joined: December 9th, 2016, 6:12 am

Post Posted December 10th, 2016, 1:26 pm

So, if I understood correctly, when delay is set to 300sec., I should see clean-ups only every 5 minutes? That's not what I see in my Firefox.
