search

RequestPolicyContinued / requestpolicy

a web browser extension that gives you control over cross-site requests. Available for XUL/XPCOM-based browsers.
https://github.com/RequestPolicyContinued/requestpolicy/wiki
Other
252 stars 35 forks source link

clear/delete all RequestPolicy data when uninstalled #227

Open msxfm opened 10 years ago

msxfm commented 10 years ago

Issue by jsamuel Thursday Dec 22, 2011 at 19:01 GMT Originally opened as https://github.com/RequestPolicy/requestpolicy/issues/227

imported trac ticket
created: 2011-04-25 14:16:04
reporter: justin

When !RequestPolicy is uninstalled, it leaves behind the user's whitelist in the browser configuration. I think the correct default behavior is to instead remove all traces of RP that we can remove.

This would mean that if the user expected this data to remain after uninstall, restart, and install again, their custom whitelist would be permanently lost. Though this is unfortunate if the user didn't expect to lose their whitelist, it seems dangerous to leave the data behind as other users will reasonably assume that this data was removed. The potential impact of assuming the data is deleted is worse than assuming it isn't. If a user had whitelisted sites that they no longer wanted others to be able to determine they had visited (e.g. the user had specifically cleared all browser history, cookies, cache, etc. at some point after uninstalling RP), then the fact that RP didn't delete this data may put the user at risk if others obtain access to their computer. The risk of this unexpected data remaining is too great to justify the potential usability benefit of leaving behind the whitelist after uninstall.

Note that starting with RP 0.6, we'll need to delete the "requestpolicy" directory from the user profile directory, as well.

myrdd commented 10 years ago

IMHO user data should not be removed by default when uninstalling. Perhaps the user could get a dialog asking whether to remove the data.

nodiscc commented 10 years ago

https://requestpolicycontinued.github.io/#after-uninstall :

Privacy note: RequestPolicy will leave various RequestPolicy-specific settings and configuration files in your browser profile even after it has been uninstalled. For example, your whitelist will still be available to other people who have access to your computer. This is a known bug (see ticket #227). A future version of RequestPolicy will attempt to delete all RequestPolicy whitelist data, etc., when RequestPolicy is uninstalled.

nodiscc commented 9 years ago

I'm doing some work on documentation and this came up again. IMHO there should be another option under Preferences>Advanced: Remove RequestPolicy blacklists/whitelists when uninstalling and should be enabled by default (for privacy reasons).

Uninstalling the addon is not a light decision (else, just disable it) and I expect it to delete all browsing information on uninstall.

Users may be asked about this preference during the initial setup "wizard" requested at https://github.com/RequestPolicyContinued/requestpolicy/issues/448

myrdd commented 9 years ago

@nodiscc I still think that cleanup on uninstall should be disabled by default. I consider accidental loss of data more serious than not-deleted data. A compromise could be to open a tab on uninstall in case local data has not been deleted.