Lusito / forget-me-not

Make the browser forget website data, except for the data you want to keep.
zlib License
227 stars 25 forks source link

When whitelisting a domain, third-party cookies are whitelisted too? #216

Closed sha-265 closed 1 year ago

sha-265 commented 4 years ago

Or just the first party cookies are whitelisted, and third party deleted anyway?

Thanks.

Lusito commented 4 years ago

No, third-party cookies don't get whitelisted for it. When and if they get deleted depends on your third-party settings, your rules and your fallback settings.

For example: If you are on a whitelisted page and it uses google analytics to track your information. Googles cookies are third-party. But if you whitelist google, then these cookies won't ever get deleted.

I hope this answers your question

sha-265 commented 4 years ago

Thank @Lusito, but not really. If I whitelisted Google, and then I go to a different website that uses Google, Google's third party cookie wouldn't deleted?

If so, how can I prevent this from happening?

Lusito commented 4 years ago

Well, that would be kind of a difficult task to do..

You are telling the extension that you want to keep google cookies, but don't want them if they are third-party. When they have been stored, there is no difference between a first-party cookie and a third-party cookie.

So let's say you visit google, which sets cookie a, b, c. At some other point in time you visit a blog which uses some google tracker, which uses cookie c, d, e. Cookie c would already have been transferred to the google tracker. Best case scenario is, that the google tracker sets the cookies d & e in an HTTP header. In that case, I could theoretically block the third-party cookies. But it wouldn't affect the already stored cookie c.

The best thing you could do, is to allow only specific google cookies that you need and the rest get removed.

Rex-0x7CB commented 4 years ago

@sha-265 : Maybe not the best solution but, if you're final goal is to avoid such scenario to occur, you can combine forget-me-not with Firefox container and avoid it from happening. Simply create an isolated container for google and its services (Gmail, Youtube, etc).

Or, if you want to further strengthen your Privacy Stance, better to create one contianer for "google.com" and other container for (Gmail, Youtube, etc) so that your Google seraches do not get matched to your personal account and one container for each website that you visit quite often.

Use Forget-Me-Not to block and delete third party cookies and also to delete unnecessary first-party cookies. This will compliment your privacy settings.