EFForg / privacybadgerfirefox-legacy

LEGACY Privacy Badger for Firefox SEE README
https://www.eff.org/privacybadger

Privacy Badger breaks website autologin #118

Open ghost opened 10 years ago

ghost commented 10 years ago

While Privacy Badger is enabled, website autologin is disabled. Even when cookies are specifically set to remain between sessions, Privacy Badger somehow destroys them upon end of session.

Domains with broken autologin while Privacy Badger is enabled:

  • deviantart.com
  • fanfiction.net
  • pastebin.org
  • steamcommunity.com
  • steampowered.com
  • tumblr.com

The list goes on...

Please ensure autologin cookies and cookies with specific user-created rules are safe from Privacy Badger destroying them on session end.

macmanx2 commented 10 years ago

I don't have accounts with any of the sites you listed, so can't test for sure, but I'm not having any trouble staying logged in to the sites I use.

Are you sure that you don't have Firefox set to "Never Remember History" or to keep cookies until "I close Firefox"? This is controlled via the Privacy section of the browser settings.

diracdeltas commented 10 years ago

@Makitk This may be related to the weird fix that I made for #85. Did you set your firefox preferences to "keep cookies until I close firefox" with exceptions added for the sites that you login from?

Privacy Badger is supposed to destroy the cookies that it has added to the exceptions list when the session ends if you've chosen that setting. (The reason it adds cookies to the exceptions list at all is an annoying side effect of how Firefox handles cookie permissions as exceptions to the default behavior.)

So if you've added a cookie to the exceptions list yourself and Privacy Badger has also added it [1], the cookie will get destroyed at the end of the session. I didn't think this would be a likely scenario, but it's not hard to fix.

[1] This should only happen for trackers that show up as yellow/red in the panel. It also happens if you've manually set a tracker to green.
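
A simplified model of the overlap described in this comment, added here as an example; it is not Privacy Badger's code. The store, the `ExceptionManager` class and the permission strings are hypothetical, and the hosts are constructed sample input. It contrasts a cleanup that deletes every entry the add-on wrote with one that restores what was there before.

```javascript
// Constructed model of a cookie-permission store: host -> permission string.
// The permission names are illustrative, not Firefox's internal values.
const ALLOW = "allow";
const FIRST_PARTY_ONLY = "allow-first-party-only";

class ExceptionManager {
  constructor(store, restorePrevious) {
    this.store = store;               // shared with the user's own exceptions
    this.restorePrevious = restorePrevious;
    this.touched = new Map();         // host -> value present before we wrote
  }

  // Called when the add-on decides a host needs its own exception.
  addException(host) {
    if (!this.touched.has(host)) {
      this.touched.set(host, this.store.get(host)); // undefined if none
    }
    this.store.set(host, FIRST_PARTY_ONLY);
  }

  // Called at session end.
  cleanup() {
    for (const [host, previous] of this.touched) {
      if (this.restorePrevious && previous !== undefined) {
        this.store.set(host, previous);   // give the user's entry back
      } else {
        this.store.delete(host);          // naive: drop whatever is there
      }
    }
    this.touched.clear();
  }
}

// Runs one session: the user allows github.com, the add-on then writes
// entries for github.com and cloud.github.com, and the session ends.
function simulateSession(restorePrevious) {
  const store = new Map([["github.com", ALLOW]]);   // user-created exception
  const manager = new ExceptionManager(store, restorePrevious);
  manager.addException("github.com");
  manager.addException("cloud.github.com");
  manager.cleanup();
  return store;
}

console.log([...simulateSession(false)]); // naive cleanup
console.log([...simulateSession(true)]);  // cleanup that restores prior state
```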

ghost commented 10 years ago

@diracdeltas You described my settings exactly, yes. I block third party cookies and make all non-exception cookies kill themselves on exit. If your fix causes Privacy Badger to destroy my exceptions, in addition to its own exceptions, how exactly would I go about fixing that behaviour?

diracdeltas commented 10 years ago

@Makitk Ok, I'm curious if this will fix anything:

  1. Go to the settings menu in Privacy Badger (the gear icon in the upper right of the panel)
  2. Click "Unblock all trackers" and confirm (unfortunately, this will reset Privacy Badger to its initial state, but given that you are blocking 3p cookies by default anyway, it's not too bad).
  3. Go into the Firefox privacy preferences menu and add any exceptions that were missing.

In theory those exceptions should be preserved when you exit.

ghost commented 10 years ago

@diracdeltas Done. Did not fix anything. Still got logged out of places after exits.

I'm also not using Firefox after Mozilla dumped the atrocity Australis in v29 and the EME/DRM thing on their users. Moved to Pale Moon. (http://www.palemoon.org) Pale Moon's codebase is currently based off of FF v24 ESR.

I do not know how much this would impact Privacy Badger's functionality, if at all. As far as I know it should run everything FF base could at v24 ESR.

diracdeltas commented 10 years ago

Ok, I have tried to reproduce this bug on a fresh profile with Firefox 24.5 (ESR) without success. I installed pbadger 0.1.3, set "block 3p cookies" and "clear cookies on close", added an exception for google.com, logged into gmail, quit the browser, started it, and was still logged into gmail.

Can you check that the cookies are actually gone (preferences > privacy > show cookies) after you restart the browser?

ghost commented 10 years ago

For some reason setting tumblr as my start page, which I did, made all sessions keep getting logged out between settings, even with their cookies remaining. Setting it to a blank page and then doing as you asked did keep me logged in, across the board. I'm confused now. x_x;

dmccarty-incomm commented 10 years ago

I have the same problem--as long as Privacy Badger is enabled, I get signed out of Google and Hotmail as soon as I close Firefox (probably others, but these are the 2 I have specifically noted). Getting signed out of Google is pretty annoying since I have 2-step verification set up.

My Privacy settings:

  • Tell sites that I do not want to be tracked
  • Remember my browsing and DL history
  • Remember search and form history
  • Accept cookies from sites
  • accept 3rd party cookies: From Visited
  • Keep until: I close Firefox

I have a long list of exceptions, including:

  • accounts.google.com
  • accounts.youtube.com
  • gmail.com
  • login.live.com
  • mail.live.com
  • people.directly.live.com

A couple of interesting notes: I cleared all my history, cookies, preferences, etc. and then set my browser to "Keep Until: Ask me every time". Then I logged into Google and hotmail. I told it to allow all cookies (and to do this for all cookies from this site) during this process. I killed firefox and started it up again and went back to those sites. My login persisted, and it didn't ask to set more cookies. (I did this several times). I also noted that the exceptions were added in the cookie exception list. Then I enabled PB and Clicked "Unblock all trackers" (and confirmed), killed my browser again and went back to Google and Hotmail. My login was lost.

Interesting note 1: I clicked on the PB icon several times and it never said it was blocking anything.

Interesting note 2: After I disabled PB, restarted my browser and came back to these sites, Firefox again asked me if it could set some cookies that I had previously told it to allow and remember.

So... not sure what's going on, but I'm afraid I'll need to leave PB off for now...

vrillusions commented 10 years ago

I'm also running in to this.

Privacy settings (with fancy checkboxes):

Sites I've been experiencing this on

I pulled up list of exceptions and see several that have the status "Allow first party only" which isn't an option in UI so I imagine those are the ones pbadger is adding and then removing on close? For example I see github.com is the one I set to allow and then cloud.github.com is "allow first party only".

(update) So I unblocked all trackers, disabled pbadger, restarted firefox and all those "allow first party only" ones were gone and looks like they took google.com and twitter.com with them. I re-add those, verified it kept my login, enabled pbadger and restarted firefox and it kept the cookies. I'll update if after it relearns it starts blocking it again.

vrillusions commented 10 years ago

And it's back. Haven't touched anything in privacy badger nor did I mess with permissions in firefox since then. This time I wrote down the sites it seems privacy badger was adding, reset pbadger settings, add those to exclusions, and reenable pbadger and see if that fixes it.

Sucks because privacy badger blocks enough stuff that I didn't have to run adblock or ghostery.

vrillusions commented 9 years ago

So I keep trying to cope with this and it still keeps breaking sites within a few days from resetting privacy badger settings. Every time I do what I mentioned in previous comment. I'll write down what privacy badger has changed, then I'll go in and set the same exclusions on sites that I have problems with, and they still keep getting reset. This constantly happens with both github and twitter, which are probably the main two sites I have whitelisted. I can't think of any other sites where I tell it to keep login now that I think of it. Well, I guess the cookies that banks set to show that my browser is authorized will stay. But it's not always happening. For example I just reset it again, restarted firefox a couple times, went to sites like cnn and msnbc and other sites which I know would get privacy badger to start blocking things, restart again, and it's not happening. It only happens after some period of time.

Don't know what populates the list of exceptions but maybe if there was a way to add exceptions to that source list. For example a way to tell privacy badger that no matter what to never touch *.twitter.com cookies. I'm going to see if I disable for github and twitter if that fixes it. But then that's not ideal because then those sites can use 3rd party advertisers and they wouldn't be blocked.

ghost commented 9 years ago

I have resorted to stop using Privacy Badger. The bugs aren't worth it to me.

pganssle commented 9 years ago

I am also experiencing this, primarily with Wikipedia. Github login manages to persist across sessions, though, so I don't know what's going on there.

I've always added the cookie exceptions through Firefox's interface, not through Privacy Badger's. The cookies are deleted either at the end of the session or the beginning. Settings are as described by @Makitk - Keep until I close Firefox, third party cookies off. My understanding is that Firefox's "Clear cookies on exit" does not respect exceptions while "Keep until I close Firefox" does. Not quite sure about the asymmetry between Wikipedia and the other sites, or between my setup and @vrillusions' (since github seems to be a problem site for him, but not for me).

For now I've just disabled Privacy Badger.

cooperq commented 9 years ago

@pganssle @vrillusions This is definitely a problem, and I would like to resolve it. I have been unable to duplicate the bug so far however. What version of privacy badger and firefox are you using? Can you start with a fresh profile and write down the exact steps needed to duplicate this problem?

ansemjo commented 9 years ago

I am having a somewhat similar experience.

In addition to recently installing Privacy Badger I've been using Cookie Controller (https://addons.mozilla.org/en-US/firefox/addon/cookie-controller/) for a while now.

My default settings are: do not keep any history, allow cookies, but discard them at the end of a session (set as default in cookie controller), with certain whitelisted domains, which get to keep their cookies across sessions.

Now Privacy Badger unfortunately seems to override this whitelist or even ignore the slider setting when set to green (i.e. keep all cookies.). I haven't tried many domains yet, but it definitely keeps happening on Facebook, Twitter, Youtube .. (I have not yet whitelisted their entire domains, because that would miss the point I guess. However I put their sliders to 'green')

I would propose an option to turn off the intermediate level altogether. I.e. either completely block a tracker or leave it untouched. And then leave all the "session cookie" settings to other addons. (If that's possible at all.) I would still have the same functionality with Cookie Controller set to "session cookies only" as its default, but keep my autologin-cookies.

I am using: Firefox 40.0 (beta channel), Privacy Badger 1.0.0, Cookie Controller 4.1

Edit: Setting "deactivate on this site" apparently fixes it for the mentioned sites .. however, that still means that merely putting the slider to 'green' does not fix this issue. And I'd rather not deactivate Privacy Badger entirely for a domain.

Edit 2: Nevermind ... apparently I whitelisted the wrong domains. Unfortunately it is not always straightforward, as the domains needed for autologin are not always the same that are shown in the list of PrivacyBadger for a certain site. Also I experienced some minor inconveniences with the sliders. Setting the sliders in the "Privacy Badger options > Filter settings" page worked flawlessly though ..

desbma commented 8 years ago

I'm hit by this bug, it is not solved.

I will try to set up a new profile with minimum steps to reproduce.

desbma commented 8 years ago

Alright, it took me a lot of time, testing several new profiles, interactions with other extensions, etc.

Steps to reproduce with a fresh profile (tested with Firefox 40.0.3 on Ubuntu):

  1. Install PB from https://addons.mozilla.org/fr/firefox/addon/privacy-badger-firefox/
  2. Go to about:config, change value of following variables:

    • network.cookie.cookieBehavior to 3
    • network.cookie.lifetimePolicy to 2

    (this can also be changed from the privacy tab in Firefox options) For convenience, also set Firefox to restore open tabs at startup.

  3. Quit Firefox normally
  4. Copy this file to your Firefox profile directory, in jetpack/jid1-MnnxcxisBPnSXQ@jetpack/simple-storage. This simulates Privacy Badger training, otherwise you would have to surf for a while to identify trackers.
  5. Start Firefox, go to github.com, login
  6. Add exception in Firefox to always keep cookies from github.com
  7. Restart Firefox, see you have been logged out from GitHub

To confirm it's due to Privacy Badger:

  1. Disable Privacy Badger
  2. Login to GitHub again
  3. Restart Firefox, you should be still logged in

cooperq commented 8 years ago

Awesome! Excellent reproduction steps! I will test it myself, but from your description I think that this case might also be related to #551. I will see if my fixes for that also fix this issue.

desbma commented 8 years ago

FYI I tried version 1.0.3, and this is not fixed.

cooperq commented 8 years ago

When you visit github.com, can you tell me which domains Privacy Badger is blocking and cookieblocking (or send a screenshot)?

desbma commented 8 years ago

  • api.github.com : cookieblocked
  • assets-cdn.github.com : cookieblocked
  • live.github.com : cookieblocked
  • www.google-analytics.com : blocked

cooperq commented 8 years ago

Okay, this seems to be another manifestation of #648. The main issue here is that subdomains of github.com should NEVER be blocked on their own domain. This is now my highest priority.
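
One way to express the rule in this comment, as an added example rather than Privacy Badger's own code: compare registrable domains and apply a block or cookieblock decision only to hosts that are third-party to the page. The function names, the action strings and the small suffix set are assumptions; the input is constructed from the domains reported above.

```javascript
// Constructed, deliberately tiny suffix set; a real implementation would
// consult the full Public Suffix List instead.
const SAMPLE_SUFFIXES = new Set(["com", "org", "net", "co.uk"]);

// Returns the registrable domain (public suffix plus one label).
function baseDomain(host) {
  const labels = host.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length; i++) {
    const candidate = labels.slice(i).join(".");
    if (SAMPLE_SUFFIXES.has(candidate)) {
      // Longest matching suffix found; keep one label to its left if any.
      return i === 0 ? candidate : labels.slice(i - 1).join(".");
    }
  }
  // Unknown suffix: fall back to the last two labels.
  return labels.slice(-2).join(".");
}

function isThirdParty(requestHost, pageHost) {
  return baseDomain(requestHost) !== baseDomain(pageHost);
}

// Applies the decisions only to hosts that are third-party to the page,
// so a site's own subdomains are never acted on while visiting that site.
function effectiveActions(pageHost, decisions) {
  const result = {};
  for (const [host, action] of Object.entries(decisions)) {
    result[host] = isThirdParty(host, pageHost) ? action : "allow";
  }
  return result;
}

// Constructed input mirroring the report above for a visit to github.com.
const reported = {
  "api.github.com": "cookieblock",
  "assets-cdn.github.com": "cookieblock",
  "live.github.com": "cookieblock",
  "www.google-analytics.com": "block",
};
console.log(effectiveActions("github.com", reported));
```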

foxidrive commented 8 years ago

Autologin on http://stackoverflow.com and http://meta.stackoverflow.com doesn't work when Privacy Badger is enabled.

I've selected "Click to deactivate Privacy badger on this site" and when I restart Firefox I have to log into the site, every time.

Do you need extra information?

fph commented 8 years ago

I see that this issue is still tagged needs-info, even after @desbma's comments with detailed steps to reproduce. Which additional info do you need? I am affected by the bug, too, and I can help.