[Ext] Cookies Exterminator

Announce and Discuss the Latest Theme and Extension Releases.
User avatar
JustOff
Posts: 61
Joined: February 13th, 2014, 4:23 am

[Ext] Cookies Exterminator

Post by JustOff »

Image

Cookies Exterminator automatically erases cookies and localStorage objects when they are no longer used by open browser tabs. You don't need to use any blacklists and be concerned about how they are up to date - the unwanted data will be removed on the fly. This will help to defend browser from the most known tracking techniques used on the web and to increase privacy.

Cookies Exterminator is written in pure javascript without SDK and has no scheduled background tasks, so it runs fast, uses little memory and can be installed in either Firefox, SeaMonkey or Pale Moon. If you have used Self-Destructing Cookies addon, white and grey lists will be automatically imported from it on first run.

Full description is on AMO
.
User avatar
streetwolf
Posts: 2700
Joined: August 21st, 2011, 8:07 am
Location: NJ (USA)

Re: [Ext] Cookies Exterminator

Post by streetwolf »

Works very well. I was a user of SDC but that stopped working for me a while back. I hope you plan on making a Web Extensions version.
Intel i9-13900K | ASUS ROG MAXIMUS Z790 HERO DDR5 | 64GB CORSAIR VENGEANCE DDR5 @ 6400 Mhz.
H100i ELITE CAPELLIX XT Liquid CPU Cooler | PNY 12GB GeForce RTX 3080 Ti | 2 CORSAIR 2TB MP600 PRO XT GEN 4
HX1200 PLATINUM PSU | XENEON 32" IPS UHD 144Hz | BenQ 32" UHD | MS Windows 11 Pro
User avatar
JustOff
Posts: 61
Joined: February 13th, 2014, 4:23 am

Re: [Ext] Cookies Exterminator

Post by JustOff »

Thank you! Let's first survive the e10s)
User avatar
streetwolf
Posts: 2700
Joined: August 21st, 2011, 8:07 am
Location: NJ (USA)

Re: [Ext] Cookies Exterminator

Post by streetwolf »

I think CE isn't clearing out Local storage. I'm assuming that local storage is at "C:\Users\garys\AppData\Roaming\Mozilla\Firefox\Profiles\bmiy16r2.default\storage\default". At the moment I have an entry for weather.com. The folder is https+++weather.com. weather.com isn't on my whitelist. The cookie in cookies.sqlite is being deleted.

CCleaner has a cookie viewer and it displays it has a cookie. It deletes the cookie too when I clean.
Intel i9-13900K | ASUS ROG MAXIMUS Z790 HERO DDR5 | 64GB CORSAIR VENGEANCE DDR5 @ 6400 Mhz.
H100i ELITE CAPELLIX XT Liquid CPU Cooler | PNY 12GB GeForce RTX 3080 Ti | 2 CORSAIR 2TB MP600 PRO XT GEN 4
HX1200 PLATINUM PSU | XENEON 32" IPS UHD 144Hz | BenQ 32" UHD | MS Windows 11 Pro
User avatar
JustOff
Posts: 61
Joined: February 13th, 2014, 4:23 am

Re: [Ext] Cookies Exterminator

Post by JustOff »

Local storage data is in the <profile folder>/webappsstore.sqlite file, and <profile folder>/storage/* points to different storages: IndexedDB, asm.js cache and Cache API. Cookies Exterminator currently handles only cookies and localStorage, so yes, there is room for improvements.

UPD: You can use Web Storage Viewer to view both localStorage and Cookies.
ltcomdata
New Member
Posts: 1
Joined: November 28th, 2016, 8:28 pm

Re: [Ext] Cookies Exterminator

Post by ltcomdata »

A bug/improvement request. (i am using Pale Moon, in case that is relevant). Some websites send you to a different website in order to complete a purchase transaction. Then the second website returns you to the first website to confirm your transaction. But CE deletes the cookies of the original website before you are returned. This results in the original website not recognizing you at all, much less acknowledging that you ordered and paid for service. Self-Destructing Cookies didn't seem to have this problem. I don't know how they got around it: knowing that they had to keep the cookies of the original website until after the secondary website returned you to the primary. It was a nifty feature of SDC, which I hope CE can dupllicate/implement.

Thanks!
User avatar
JustOff
Posts: 61
Joined: February 13th, 2014, 4:23 am

Re: [Ext] Cookies Exterminator

Post by JustOff »

In order to support cross-site transactions SDC keeps cookies for last 5 sites from history in each tab. This leads to preserving of unobvious cookies that you can't easily track, but which can track you. Imagine you looked for something with Google and then opened link from search result in the same tab. After that your browser is poisoned by Google until you have closed that tab or walked across 5 different sites.

CE intentionally acts otherwise and for cross-site transactions I recommend to use private private tabs or windows.
gfhfgfdfdh
Posts: 19
Joined: March 21st, 2011, 1:01 pm

Re: [Ext] Cookies Exterminator

Post by gfhfgfdfdh »

streetwolf wrote:Works very well. I was a user of SDC but that stopped working for me a while back. I hope you plan on making a Web Extensions version.
SDC stopped working for you? For me it still seems to work fine in Firefox 50 - please tell details.

@JustOff:

Maybe there could be a blacklisting or whitelisting approach to this? Do SDC and CE not delete cookies of private tabs at all?
User avatar
JustOff
Posts: 61
Joined: February 13th, 2014, 4:23 am

Re: [Ext] Cookies Exterminator

Post by JustOff »

gfhfgfdfdh wrote:Maybe there could be a blacklisting or whitelisting approach to this?
Too many lists will only confuse, imho. Much easier to open private tab/window or even temporary disable active mode.
Do SDC and CE not delete cookies of private tabs at all?
Yes and it's mentioned in the descriptions of both.
Prekkis
Posts: 8
Joined: December 9th, 2016, 6:12 am

Re: [Ext] Cookies Exterminator

Post by Prekkis »

I trying to decide which addon I could use for automatic cookie cleaning and your addon is one of them. Few questions came up:
  1. You state in the addon description the following: "Cookies Exterminator can't remove cookies when privacy option in browser is set to custom settings for history and custom policy for cookies is enabled."

    I have "custom settings for history" enabled, "accept cookies from sites" enabled, "accept third-party cookies" set to NEVER, and "keep until" set to THEY EXPIRE. And no cookies "Exceptions" set.

    Everything seems to work just fine with your addon. Not whitelisted/open sites cookies/LocalStorage is cleared automatically after the delay I have set. Have I understood something incorrectly?
  2. Can I ask why your addon version history starts at version 2.7.4?
  3. I like that you have the whitelist in "prefs.js" file and not in "Exceptions". This allows the user to clear "Site preferences" automatically when Firefox closes (clearing site preferences deletes also cookies exceptions, SDC addon uses "Exceptions/site permissions" for the whitelist and thus I can't use it if I want to clear "site preferences" on exit). Is it going to be like this for the future or are you planning to change the whitelist save location/system?
  4. Are you planning to add "<profile folder>/storage/*" clearing to your addon, or create another addon? A simple addon which could clear ALL the myriad "storage" systems baked into browsers nowadays would be great. Currently I don't know how to clear that storage automatically (haven't had the time to find out yet because I've been fighting with cookies/localStorage/HSTS "supercookies" cleaning).. or whether it can be disabled completely, or is it even "safe" to disable it.
  5. About the "cross-site transactions" issue, I personally would have liked the SDC addon approach. But, I think I could just set the delay in your addon to 300 seconds (5 minutes) and I think that everything will work out just fine. 5 minutes is more than enough for cross-site transactions, well at least to those I use, mainly Paypal. And I think that the 5 minutes to keep old cookies is not that bad at all, it's marginal what tracking those cookies could do in that time. Do you find any problems in my approach?
  6. Hiding the addon icon completely from any toolbar/whatever doesn't seem to affect the functioning of the addon, am I right?
  7. You say that LocalStorage is stored in "webappsstore.sqlite" file. How come mine is ~83MB big and never seems to shrink even though I completely empty localStorage, or have only few sites stored?
  8. Are you planning to add cleaning of "HSTS supercookies"?

    Here's few links about HSTS:
    http://www.radicalresearch.co.uk/lab/hstssupercookies/
    https://nakedsecurity.sophos.com/2015/0 ... -security/

    HSTS standard is poorly created and it allows fingerprinting/tracking users by creating unlimited subdomain "pins", and it even allows all websites to "read" current stored domain pins, which essentially means that any website can at least make an approximate of users browsing history. I can't believe that browsers allow reading other than originating domain "pins" from the storage. Or adding unlimited subdomain "pins". It's unbelievable sloppiness.. from the approved standard and from browser vendors. How did the HSTS standard go through even if there was loopholes for domains to spy on the user? HSTS was supposed to be enhancing security. Now it allows yet ANOTHER method for tracking/fingerprinting and even snooping out some browsing history. The HSTS "supercookies" are stored in "SiteSecurityServiceState.txt" file in users profile folder.
  9. What kind of storage is the "Offline Web Content and User Data" in Firefox\advanced\network preferences? I have "Tell me when a website asks to store data for offline use" checked, but Firefox has NEVER asked anything regarding this, yet occasionally I check out the preference page and I see that some sites have stored something! I was not asked to allow. It's madness. Could your addon clean/prevent also these?
  10. And for the last, I think I found a bug in your addon. It seems that the delay feature is not working properly. I did this test:

    Addon delay setting used: 300 seconds (5 minutes).
    1) Opened 2 sites that I have not browsed into, nor have them opened in other tabs, nor have any previous cookies from them, yahoo.com and bbc.com, and checked that both added cookie(s).
    2) On exactly 15:59:00 (+-2 sec) I closed bbc.com tab.
    3) On exactly 16:01:00 (+-2 sec) I closed yahoo.com tab.
    4) Waited doing nothing in Firefox in between any of these steps.

    = eventually your addon pop-upped a message: 16:02:36 - yahoo.com, bbc.com (I confirmed that both cookies were removed after that message)

    There seems to be at least 2 bugs present here:
    1) The 300 second delay was NOT followed, the first cookie deletion happened after 3 minutes and 36 seconds, which is 216 seconds.
    2) Both cookies were deleted at the same time, which means that for the last closed tab (yahoo.com) the delay was only 1 minute and 36 seconds (96 seconds).

    Is this expected behavior?
Prekkis
Posts: 8
Joined: December 9th, 2016, 6:12 am

Re: [Ext] Cookies Exterminator

Post by Prekkis »

About the bug in point 10, it's really bad, just tried with eBay/Paypal, as soon as I moved from eBay site to Paypal, it took about 1-3 seconds for your addon to remove my eBay cookies. The delay setting doesn't work at all. It's all very random when cookies/localStorage are being removed, sometimes the cookies are removed instantly when closing tab, sometimes it takes 1-5 minutes (with my 300 seconds delay setting). Please fix so that every cookie lasts the amount the delay setting is set after a tab is closed. Thanks.
User avatar
JustOff
Posts: 61
Joined: February 13th, 2014, 4:23 am

Re: [Ext] Cookies Exterminator

Post by JustOff »

Prekkis wrote:1. You state in the addon description the following: "Cookies Exterminator can't remove cookies when privacy option in browser is set to custom settings for history and custom policy for cookies is enabled." I have "custom settings for history" enabled, "accept cookies from sites" enabled, "accept third-party cookies" set to NEVER, and "keep until" set to THEY EXPIRE. And no cookies "Exceptions" set. Everything seems to work just fine with your addon. Not whitelisted/open sites cookies/LocalStorage is cleared automatically after the delay I have set. Have I understood something incorrectly?
You are second one who reported about that. I definitely had some problems when I tried to use "custom settings for cookies and history" mode during addon development, but I can't reproduce none of them now. Possible it's not an obstacle anymore.
2. Can I ask why your addon version history starts at version 2.7.4?
It just turned out that way)
3. I like that you have the whitelist in "prefs.js" file and not in "Exceptions". This allows the user to clear "Site preferences" automatically when Firefox closes (clearing site preferences deletes also cookies exceptions, SDC addon uses "Exceptions/site permissions" for the whitelist and thus I can't use it if I want to clear "site preferences" on exit). Is it going to be like this for the future or are you planning to change the whitelist save location/system?
I have no plans to change anything in this part.
4. Are you planning to add "<profile folder>/storage/*" clearing to your addon, or create another addon? A simple addon which could clear ALL the myriad "storage" systems baked into browsers nowadays would be great. Currently I don't know how to clear that storage automatically (haven't had the time to find out yet because I've been fighting with cookies/localStorage/HSTS "supercookies" cleaning).. or whether it can be disabled completely, or is it even "safe" to disable it.
I have no plans for that.
5. About the "cross-site transactions" issue, I personally would have liked the SDC addon approach. But, I think I could just set the delay in your addon to 300 seconds (5 minutes) and I think that everything will work out just fine. 5 minutes is more than enough for cross-site transactions, well at least to those I use, mainly Paypal. And I think that the 5 minutes to keep old cookies is not that bad at all, it's marginal what tracking those cookies could do in that time. Do you find any problems in my approach?
Sorry for confusion, but I should probably change the name of this option from "Delay before cleaning" to "Maximum delay before cleaning". And not, you can't rely that cookies will be kept for this period.
6. Hiding the addon icon completely from any toolbar/whatever doesn't seem to affect the functioning of the addon, am I right?
Yes, you are right.
7. You say that LocalStorage is stored in "webappsstore.sqlite" file. How come mine is ~83MB big and never seems to shrink even though I completely empty localStorage, or have only few sites stored?
I have never had such problems, try to dig inside with SQLite Manager.
8. Are you planning to add cleaning of "HSTS supercookies"?

9. What kind of storage is the "Offline Web Content and User Data" in Firefox\advanced\network preferences? I have "Tell me when a website asks to store data for offline use" checked, but Firefox has NEVER asked anything regarding this, yet occasionally I check out the preference page and I see that some sites have stored something! I was not asked to allow. It's madness. Could your addon clean/prevent also these?
I have no plans for that.
10. And for the last, I think I found a bug in your addon. It seems that the delay feature is not working properly. [...] Is this expected behavior?
See the answer for question 5 above.
Prekkis
Posts: 8
Joined: December 9th, 2016, 6:12 am

Re: [Ext] Cookies Exterminator

Post by Prekkis »

So how does the "delay" actually work? I don't understand "Maximum delay before cleaning". Obviously the delay isn't working like that it always waits the set delay and then cleans all that has to be cleaned. I can see clean-up messages many times during the delay time, e.g. in 5 minutes I can see many clean-ups (w/ 300sec delay setting).

And you are not going to change this behavior? IMO it would be great if the delay would apply to a single cookie/localStorage and not like now when it's just random. Why there is even a delay setting if the delay is just random? And it is just that as I've witnessed today using Firefox, completely random. I don't see any use for the setting as it is now.

Unfortunately this behavior is not good and I can't use your addon. Please consider enhancing the delay feature to something much more usable. Thank you.
User avatar
JustOff
Posts: 61
Joined: February 13th, 2014, 4:23 am

Re: [Ext] Cookies Exterminator

Post by JustOff »

Let me explain the logic. Every time the cookie arrives it is cleaned immediately if it nor protected by exception lists nor used by any tab. Next, when you close the tab or go to the new domain within existing tab the verification is planned with given delay. Every verification is trying to clean all existing unprotected cookies. So if you are closing one tab and verification is scheduled in 5 minutes and then you are closing another tab during that 5 minutes all unprotected cookies will be cleaned when first verification will run. The delay value is only about how often the cleaning job runs (CPU load control) and not about the guaranteed time to keep cookies.

Such algorithm was never intended to be used for cross-domain transactions, so unfortunately you should consider to use private windows/tabs or look for alternative addon.
Prekkis
Posts: 8
Joined: December 9th, 2016, 6:12 am

Re: [Ext] Cookies Exterminator

Post by Prekkis »

So, if I understood correctly, when delay is set to 300sec., I should see clean-ups only every 5 minutes? That's not what i see in my Firefox.
Post Reply