[tbb-bugs] #18681 [Tor Browser]: Include and activate "Self-Destructing Cookies" Firefox add-on by default in TBB

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Mar 29 22:48:51 UTC 2016

#18681: Include and activate "Self-Destructing Cookies" Firefox add-on by default
in TBB
     Reporter:  cypherpunks  |      Owner:  tbb-team
         Type:  enhancement  |     Status:  new
     Priority:  Medium       |  Milestone:
    Component:  Tor Browser  |    Version:
     Severity:  Normal       |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |   Reviewer:
      Sponsor:               |
 Very relevant, extremely compact (<100kB), GPLv2 Firefox add-on that does
 not negatively affect clickprint (I think). Purges cookies from closed
 tabs after a specified number of seconds (default is 10 I believe). Can
 optionally display a small notification of this purging event, which I


 I think that bundling this Add-On would be a big win for Tor Browser users
 and for privacy online.


 1. How does it behave between "Private Browsing"/"Never remember history"
 mode and normal browsing mode? In Firefox? In Tor Browser?

 2. Are there any meaningful ways that this could create a UX problem?
 Obviously "Undo Close Tab" might suffer on a small minority of websites
 (probably VERY small), but this "problem" is not necessarily out of users'
 expectations anyway.

 3. Are there any meaningful ways that this could be a privacy problem a la
 Panopticlick? "Normal" web browsers obviously soak up tracking cookies
 with abandon. One potential problem situation would be, say, on an
 e-commerce website, where a user adds items to their Cart and is
 identified both by cookie(s) and a unique coded URL, and they close the
 tab, then do Undo Close Tab back to their unique URL. That is obviously
 unusual behavior for a browser, from the site's perspective, but then, so
 is coming from a known Tor Exit Node. As long as all Tor Browser users
 behave more or less consistently, it shouldn't be a problem (akin to
 window size profiling issues). And even in edge cases, an adversary is not
 provided with many data points that can correlate or extrapolate to other
 websites or browser tabs readily.

 With those questions in mind, I remain convinced that this would be a
 highly beneficial add-on to include in Tor Browser.

 Action items:

 1. Test the behavior of the Self-Destructing Cookies add-on in Tor
 Browser, in both History-saving mode and Never Remember History mode.
 Compare add-on notifications against local cookie jar directly (verify

 2. Brainstorm and seek out meaningful examples of when this behavior might
 negatively affect UX or user privacy. I cannot conceive of many, if any.

 3. Make sure the thing doesn't actually try to use the network itself, or
 if it does, that it respects SOCKS and fails closed.

 4. What do other people think? Is this actually a terrible idea for some

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18681>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list