Support question: how does FMN handle or block cookies from sites with no rules?

[bendover22]

Exactly how does the red forget me rule actually work? On AMO, the red rule is explained, "Red: Override the above rules to explicitly forget them." Explicitly forget them how, by what API process? If sites default to red rule (no other rule set), does it actually block cookies from entering your device?

The Help file could use some detailed clarification on how the red rule works & the differences in red & black rules.

The AMO description says java script set files can't be blocked (java script cookies - how nice of Mozilla- smoochie!) That they will be deleted "as soon as possible," which may not be fast enough to prevent tracking. That sort of, rather, does leave users hanging on what to expect.

Some web ext cookie manager devs say cookies (any) CAN'T be blocked; only deleted ASAP, which might no be soon enough. FMN seems to indicate they CAN be blocked, unless they are set using java script.

Is there written documentation saying non-java script cookies can't be blocked from users' devices and a reason why, other than Mozilla hasn't added a feature to the cookie API to do that?

Other than a busy local CPU or limited free RAM, what determines how fast java script set cookies can be deleted?

Can a red rule block JS set cookies?

[Lusito]

• White: Keep as long as firefox would normally keep them
• Gray: Keep until browser restart (if you checked the clean on start checkbox.. otherwise it's the same as white)
• Red: Forget on domain leave and browser start (if you checked the respective checkboxes)
• Black:
  • Server-Set cookies will never be set
  • JS cookies will be removed almost immediately after creation (normally within a couple of microseconds)
  • For everything else, it works just like Red, since everything else can't be blocked.

I'll try to incorporate some examples to clarify how the rules work.

Some web ext cookie manager devs say cookies (any) CAN'T be blocked;

Well, these may be the reasons why they say it:

• They are lazy
• They don't know how to intercept and filter HTTP requests
• They think intercepting and filtering HTTP requests might cause the browser to slow down a bit and they try to hide this fact from the user by simply saying it's not possible.

When you request data from a server, the response contains cookies and other HTTP headers. You can filter that.. if you do, these cookies will never reach the firefox cookie stores. I guess most developers only read the documentation for the cookies API, which in itself doesn't allow to prevent cookies from being set. You need the webRequest API and an understanding of how HTTP headers work for that.

I hope this answers all of your questions.. if not, feel free to keep asking in more detail.

[bendover22]

Thank you for the details. I really think that exactly how the (default) red rules work, should be added to the short Help page - included in the FMN addon; and on Github & FMN's AMO.mozilla features page or section. Or maybe on a linked page or file, more detailed "How Forget Me Not Works / "How to Use FMN" page or file. I could submit a draft (similar to this ) or feel free. :)

Also, in settings (Help page) or somewhere explain actual differences & similarities between Red & Black rules. In Firefox's Addon Mgr, in FMN's "more info," says,

"Override the above rules to explicitly forget them"

• Yes, forget White & Gray rules, but then do what ( it doesn't say for Red rule). FMN's "Help file" wording on Red rules, means very little to many users. _

  Red: Gray and white rules can be overridden by a red rule. Example: A white rule allows all domains ("" as expression) and a couple of red rules define exceptions to that rule. _ That's all it says under Red rule. Those statements don't explain the Red Rule's actual function(s). It doesn't say anywhere: "Red rule: Clean cookies for a domain after closing all open tabs for a domain; or clean cookies after browser restarts, IF* Cookies box is also checked.

• To clear storage for a domain after closing all its tabs, check "Local Storage" box.

• AND "Delay in Minutes" must have valid whole number entered - from 0 & up. (Question: 0 is valid for delay. Would there be cases where 1sec. to 59 seconds delay would be preferable to using 0, 1, 2,...n whole minutes (no fractions allowed, like 10 sec.)?)

• In instructions, for new or non-technical (or old) users, it's not a good idea to use phrases like, "if appropriate (or respective) boxes are checked." What respective boxes? Some non-native English speakers won't even know what "respective" means in this context. Suggest using exact item names, when boxes must be checked / unchecked for a feature to work.

• If people already know how to use any program, non-specific phrases like that serve as reminders; for many other new or non-technical users, they mean very little. Besides, the comment you just made above is the 1st place I've seen an attempt to explain exactly how & when Red Rules work. I point out some issues only to help a broader group of users, not to criticize anyone.

• As you said, some basic examples would be good - esp. for not as technical users. People with certain learning disabilities often do much better by seeing & imitating realistic examples, than by reading instructions in paragraph form. I was a professional engineer and also taught in classrooms and tutored from elementary through high school / college math & science students for 20 years. The disabilities mentioned are far more common than most people realize.

• I've read the Help page ("file") many times - start to finish, and the AMO page several times; played around w/ FMN settings a good while and I didn't get from any documentation that default Red rules (on every site) would delete cookies IF all tabs for a domain are closed or after a browser restart, because that's not stated.
  Main point being, you must know every tab that was opened for a domain - at some point, and make sure they're all closed.

• I assume that's true EVEN if a tab was originally opened for xyz.com, but other sites were later opened in that same tab. Now abc.org is the current domain in the tab. You must remember xyz.com was once open in the tab now showing abc.org, and close it, for Red rule to clean xyz.com's cookies?

• I hope I'm wrong on that, cause it gets messy. Meaning?, you'd have to close / lose the current abc.org tab (lose your login) in order to delete cookies for xyz.com? Or is that how FMN works for "closing all instances" associated at any point with xyz.com?

[Lusito]

I'm gonna try and explain this differently:

• White: never clean
• Gray: Clean only on browser start
• Red: Clean on domain leave and browser start
• Black: Block completely, if possible. Otherwise behave like Red. (JS Cookies get deleted almost immediately after).

For Gray and Red to work, the respective checkboxes must be enabled.

How domain leave works: Say you have two tabs: A (google.com) and B (bing.com). You change the url in A to yahoo.com. This will be detected as a leave for google.com and it will be cleaned accordingly.

How domain leave cleanup delay works: Say you configured a 1 minute delay for domain leave cleanup. You start with the same scenario as stated above, but after going to yahoo.com, you press the back button of the browser to go back to google.com. Then google.com will not be cleaned. But yahoo.com will be cleaned after 1 minute.

Container Tabs: Domain leave detection works per cookie-store.. a cookie store is like a shared container for your cookies. Firefox default has one cookie-store, firefox-private has another cookie-store and each container you created has its own cookie store. So once a domain is no longer active in any of the tabs of a cookie store, it will be cleaned for that specific cookie store. Example: You have 4 tabs: A (google.com), B (bing.com), which are both in firefox-default and C (google.com), D (yahoo.com), which are both in a container "work". You navigate away from google.com in tab C (either by changing the URL or by closing the tab), then after the specified delay, google.com will be cleaned in the "work" container environment (cookie-store), while tab A will not be cleared.

I hope this clears it up for you.

[bendover22]

Thanks, but my example questions or pointing out certain things that aren't clear or not mentioned in the tutorial or on AMO, weren't about me, personally, not understanding. Any improved / clarified instructions need to go in the included tutorial file.

I was trying to point out that the tutorial / AMO description isn't worded clearly enough & left out some "steps," that average or non-technical users likely won't understand. They often don't have skills or the desire to play around till they figure things out (possibly from lack of said skills or just different backgrounds) .

Non-technical users often won't take time to ask & questions or offer suggestions, as many users on on forums like this are happy to do. Non-technical or inexperienced users often move on or live with not understanding some features or not knowing they exist. Experienced or technical users are just the opposite.

Kind of like many non-math inclined students often can't or won't try to figure out example problems in math books that leave out very trivial steps. Those users could get some engineering degree. :D Re-writing parts of the tutorial is probably easier.

If advanced users waited until every software had totally complete, easy to follow help files before using paid software or FOSS, we'd never use over a few % of all software. :)

Some users could submit suggestions how to reword or add to the tutorial. I'd be happy to make some suggestions (if you want) to lighten your load a bit.

[Lusito]

I am well aware that the explanations need to be adapted, but I first need to establish (with you) what level of explanation detail is necessary, because I don't want to write walls of text, as that drives users away as well.

So once you have reached an understanding of what's going on, I will change the explanations accordingly and get feedback if the new ones are alright. You are, of course, very welcome to rewrite the explanations yourself. Just keep in mind, that the UI will change a bit in the next version and thus some things might not be necessary anymore or explained in a different part of the UI.

[Lusito]

@bendover22 please take a look at the screenshots from the new UI here: https://github.com/Lusito/forget-me-not/issues/67#issuecomment-431952843

I have high hopes, that this should make it a lot easier to understand. Of course, the tutorial will also include an improved detailed explanation.

[Lusito]

The new translations for english are online: https://lusito.github.io/web-ext-translator/?gh=https://github.com/lusito/forget-me-not/tree/develop

I'm going to close this ticket for now. Feel free to suggest changes to make it easier to understand.