search

Lusito / forget-me-not

Make the browser forget website data, except for the data you want to keep.
zlib License
227 stars 25 forks source link

Deleting cookies with FF 86.0 #276

Open ghost opened 3 years ago

ghost commented 3 years ago

forget-me-not does not delete all cookies when the new FF function "Total Cookie Protection" is active. Some cookies remain stored (e.g. Google, Wikipedia), some are not. Everything works flawlessly when switching back to the old container model privacy.firstparty.isolate.

MX-Linux 19.3 ahs x64 (based on Debian 10) Firefox 86.0

ghost commented 3 years ago

Just to show an example:

Bildschirmfoto_2021-02-28_10-19-20

Alexey104 commented 3 years ago

Yes, I have the same problem when using TotalCookieProtection with Firefox 86(Settings->Privacy->Enhanced tracking protection->Strict). This issue does not related to ForgetMeNot exclusively, other cookies addons such as CookieAutoDelete do not work correctly either. I cannot even manually remove cookies with CookieQuickManager, only Firefox built-in cookie manager lets me do that. I guess, when using strict protection, Firefox 86+ uses new API for cookie management which is not supported by classic extensions yet.

ElhemEnohpi commented 2 years ago

I'm using "total cookie protection" (by enabling "Strict" tracking protection), and am also noticing problems with cookies not being deleted, I guess they are related but I haven't tested. It's only some cookies, and yes, any Wikipedia site cookies, plus any Stackexchange-related cookies and a few others are not removed, while other sites like Apple.com are. Firefox 89 and 90.

ElhemEnohpi commented 2 years ago

The new "dynamic first party isolation" as used in "strict" mode isn't supported by the web extensions apis yet for cross-site cookies that are allowed by it, most often for legitimate cross-site login services like Wikipedia uses. This affects all cookie-deleting extensions. It's something Mozilla needs to fix first, and it's being worked on. It's not clear yet whether or not extensions will require changes when it's finished.

Using "custom" mode and selecting "cross-site tracking cookies" instead of "cross-site cookies" will work, but is less strict. You can still use the older non-dynamic first party isolation from Tor, which is more strict than the dynamic one but breaks some things like legitimate cross-site login services, by enabling the privacy.firstparty.isolate preference in about:config. Changing between settings may or may not lead to you tossing your cookies.

Firefox bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1669716 Same issue for Cookie Auto-Delete: https://github.com/Cookie-AutoDelete/Cookie-AutoDelete/issues/807