Lusito / forget-me-not

Make the browser forget website data, except for the data you want to keep.
zlib License

Question: Does FMN really enhance privacy? #125

Closed practik closed 5 years ago

practik commented 5 years ago

Sorry for the inflammatory title :-) But I wanted to hear your thoughts on some things I've read elsewhere. We know that Firefox's APIs for removing different kinds of data are rather patchy. Some concerns:

  1. Removing cookies and localStorage on domain leave may leave behind other kinds of tracking data.
  2. If you have FF set to clear tracking data on close (as I do), it may miss some of that data because the cookies for those domains have already been cleared.

I haven't seen this to be the case, personally, but I'm not sure I know where to look. So I'm curious to hear what you think about all this.

Lusito commented 5 years ago
  1. Removing cookies and localStorage on domain leave may leave behind other kinds of tracking data.

Of course, tracking data might still be added to indexedDB, plugin data, or via HSTS supercookies, which are not cleared on a per-domain basis (so not on domain leave). I am hoping that the Web-Extension API will get improvements that allow the cleaning of those in the future.

  2. If you have FF set to clear tracking data on close (as I do), it may miss some of that data because the cookies for those domains have already been cleared.

Are you talking about the FMN cleanup? That happens on startup, not on close, as Firefox doesn't want extensions to delay the application exit.

If you do run cleanup on startup, it won't matter if the cleanup has already run on domain leave or not. FMN will go through all cookies and remove those which are not open in a tab and not protected by a rule. Since there is no way to list localStorage entries yet (until bug 1464895 is resolved), FMN remembers domain names which have not been left yet for the startup cleanup. If, upon startup, the domain is still open in a tab, then it will still be on the list of domains to clean up.

Depending on your settings you might keep cookies around that track you. For example, enable cleanup on leave after 60 seconds, leave a domain and then restart the browser before the timer runs out => only if you enabled cleanup on startup, the cleanup will be done for this domain.

Also, if you don't enable the cleanup third-party cookies, it will not clean them until you restart the browser (or never if you didn't check the cleanup on startup).

But this is all about how you want cleanup to happen.

To answer your question: FMN is no perfect privacy solution. FMN does not prevent all websites from tracking you, but it does help to improve the situation.

There are things that are impossible to clean with web-extensions at this moment and people can track you by other means than storing data in your browser. For example by analyzing how you interact with the web and finding patterns to match you. Though these kinds of tracking methods require a bit more effort and as such, fewer websites use them.

So to summarize: FMN can't clean everything and it can not prevent people from tracking you. Just like almost every lock can be picked, no matter how expensive. You have the choice to either put your bike on the street without a lock, with a 5$ lock (also called gift ribbons among thieves), or a more sophisticated lock. Your bike can be stolen in either case, but it's less likely with a sophisticated lock.
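The startup cleanup described in the comment above, sketched as an added example (not Forget Me Not's own code). The function name, the simplified rule model and the `.example` sample data are assumptions; in an extension the inputs would come from `browser.cookies.getAll()` and `browser.tabs.query()`.

```javascript
// Added illustration, not Forget Me Not's source. All names are hypothetical.

// Cookie domains may carry a leading dot (".shop.example"); normalise them.
const cookieHost = (c) => c.domain.replace(/^\./, "").toLowerCase();

// True when host equals base or is a subdomain of it.
const sameOrSub = (host, base) => host === base || host.endsWith("." + base);

// Decide what a startup cleanup removes.
//   cookies        [{name, domain}]
//   openHosts      hostnames open in tabs after session restore
//   protectedHosts hostnames covered by a keep rule (assumed rule model)
//   pendingHosts   hostnames remembered because localStorage cannot be listed
function planStartupCleanup({ cookies, openHosts, protectedHosts, pendingHosts }) {
  // A cookie set for a parent domain is still in use by an open subdomain tab.
  const isOpen = (host) => openHosts.some((o) => sameOrSub(o, host));
  const isProtected = (host) => protectedHosts.some((p) => sameOrSub(host, p));

  const removeCookies = cookies.filter((c) => {
    const host = cookieHost(c);
    return !isOpen(host) && !isProtected(host);
  });

  const clearLocalStorage = [];
  const stillPending = [];
  for (const host of pendingHosts) {
    if (isOpen(host)) stillPending.push(host); // not left yet: stays on the list
    else if (!isProtected(host)) clearLocalStorage.push(host);
  }
  return { removeCookies, clearLocalStorage, stillPending };
}

// Constructed sample state at browser startup.
const sample = {
  cookies: [
    { name: "sid", domain: ".shop.example" },   // left, but restart beat the 60 s timer
    { name: "uid", domain: "tracker.example" }, // third-party, never opened in a tab
    { name: "login", domain: "mail.example" },  // protected by a rule
    { name: "pref", domain: ".news.example" },  // tab restored on startup
  ],
  openHosts: ["www.news.example"],
  protectedHosts: ["mail.example"],
  pendingHosts: ["shop.example", "www.news.example", "mail.example"],
};

const plan = planStartupCleanup(sample);
console.log(plan.removeCookies.map((c) => c.name), plan.clearLocalStorage, plan.stillPending);
```

Storage types that cannot be enumerated or cleared per domain, such as the indexedDB and HSTS cases mentioned above, are outside what this plan can cover.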

practik commented 5 years ago

Are you talking about the FMN cleanup?

No, actually I was talking about Firefox's cleanup – the settings in preferences to clear cookies and "offline website data" on close. Can Firefox still find and clear all the other data for example.com if the cookies for example.com have already been cleared by FMN?

ArchangeGabriel commented 5 years ago

Yes, of course. Firefox does not look for cookies to decide which sites to clean. It looks for existing data in each category and removes them when appropriate.

Lusito commented 5 years ago

What @ArchangeGabriel said is correct.

practik commented 5 years ago

Thank you both!