[tbb-bugs] #18681 [Tor Browser]: Include and activate "Self-Destructing Cookies" Firefox add-on by default in TBB

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Mar 29 22:48:51 UTC 2016


#18681: Include and activate "Self-Destructing Cookies" Firefox add-on by default
in TBB
-----------------------------+----------------------
     Reporter:  cypherpunks  |      Owner:  tbb-team
         Type:  enhancement  |     Status:  new
     Priority:  Medium       |  Milestone:
    Component:  Tor Browser  |    Version:
     Severity:  Normal       |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |   Reviewer:
      Sponsor:               |
-----------------------------+----------------------
 Very relevant, extremely compact (<100kB), GPLv2 Firefox add-on that does
 not negatively affect clickprint (I think). Purges cookies from closed
 tabs after a specified number of seconds (default is 10 I believe). Can
 optionally display a small notification of this purging event, which I
 disable.

 https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/

 I think that bundling this Add-On would be a big win for Tor Browser users
 and for privacy online.

 Questions:

 1. How does it behave between "Private Browsing"/"Never remember history"
 mode and normal browsing mode? In Firefox? In Tor Browser?

 2. Are there any meaningful ways that this could create a UX problem?
 Obviously "Undo Close Tab" might suffer on a small minority of websites
 (probably VERY small), but this "problem" is not necessarily out of users'
 expectations anyway.

 3. Are there any meaningful ways that this could be a privacy problem a la
 Panopticlick? "Normal" web browsers obviously soak up tracking cookies
 with abandon. One potential problem situation would be, say, on an
 e-commerce website, where a user adds items to their Cart and is
 identified both by cookie(s) and a unique coded URL, and they close the
 tab, then do Undo Close Tab back to their unique URL. That is obviously
 unusual behavior for a browser, from the site's perspective, but then, so
 is coming from a known Tor Exit Node. As long as all Tor Browser users
 behave more or less consistently, it shouldn't be a problem (akin to
 window size profiling issues). And even in edge cases, an adversary is not
 provided with many data points that can correlate or extrapolate to other
 websites or browser tabs readily.

 With those questions in mind, I remain convinced that this would be a
 highly beneficial add-on to include in Tor Browser.

 Action items:

 1. Test the behavior of the Self-Destructing Cookies add-on in Tor
 Browser, in both History-saving mode and Never Remember History mode.
 Compare add-on notifications against local cookie jar directly (verify
 purging).

 2. Brainstorm and seek out meaningful examples of when this behavior might
 negatively affect UX or user privacy. I cannot conceive of many, if any.

 3. Make sure the thing doesn't actually try to use the network itself, or
 if it does, that it respects SOCKS and fails closed.

 4. What do other people think? Is this actually a terrible idea for some
 reason?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18681>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
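
One way to carry out the "compare against local cookie jar directly" check from action item 1, as an added example that is not part of the ticket or of the add-on's code. It assumes the profile keeps cookies in a `cookies.sqlite` file with a `moz_cookies` table, as desktop Firefox does for persistent cookies; `snapshot`, `purge_report` and `make_sample_db` are hypothetical helper names and the sample rows are constructed.

```python
import shutil, sqlite3, tempfile
from pathlib import Path

def snapshot(db_path):
    """Return {(host, name, path)} read from a private copy of cookies.sqlite."""
    src = Path(db_path)
    with tempfile.TemporaryDirectory() as tmp:
        # Copy the file and any WAL sidecars; the live profile is never opened.
        for suffix in ("", "-wal", "-shm"):
            part = Path(str(src) + suffix)
            if part.exists():
                shutil.copy2(part, Path(tmp) / part.name)
        con = sqlite3.connect(str(Path(tmp) / src.name))
        try:
            return set(con.execute("SELECT host, name, path FROM moz_cookies"))
        finally:
            con.close()

def purge_report(before, after, closed_hosts):
    """Split the closed tabs' cookies into purged and still-present sets."""
    def belongs(host):
        h = host.lstrip(".")
        return any(h == c or h.endswith("." + c) or c.endswith("." + h)
                   for c in closed_hosts)
    mine = {k for k in before if belongs(k[0])}
    return {"purged": sorted(mine - after), "remaining": sorted(mine & after)}

def make_sample_db(path, rows):
    """Constructed stand-in for cookies.sqlite (only the columns used here)."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE IF NOT EXISTS moz_cookies (host TEXT, name TEXT, path TEXT)")
    con.execute("DELETE FROM moz_cookies")
    con.executemany("INSERT INTO moz_cookies VALUES (?, ?, ?)", rows)
    con.commit()
    con.close()

if __name__ == "__main__":
    db = str(Path(tempfile.mkdtemp()) / "cookies.sqlite")
    make_sample_db(db, [(".shop.example", "cart", "/"), ("news.example", "sid", "/")])
    before = snapshot(db)
    make_sample_db(db, [("news.example", "sid", "/")])  # simulates the purge
    print(purge_report(before, snapshot(db), ["shop.example"]))
```

Take the first snapshot with the tab open and the second after the add-on's delay has passed; any entry under `remaining` is a cookie the notification claimed to purge but the jar still holds.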

