privacytools / privacytools.io

🛡🛠 You are being watched. Protect your privacy against global mass surveillance.
https://www.privacyguides.org
Creative Commons Zero v1.0 Universal
3.12k stars 384 forks source link

🆕 Software Suggestion | ForgetMeNot Browser Cleaning Extension #1898

Open jeroenev opened 4 years ago

jeroenev commented 4 years ago

Basic Information

ForgetMeNot Browser extension: "Make the browser forget website data (like cookies, local storage, etc.), except for the data you want to keep by adding domains to a whitelist, graylist, blacklist, or redlist." URL: https://addons.mozilla.org/en-US/firefox/addon/forget_me_not/

Description

This browser extension clears all browser data similarly to Cookie Autodelete, and seems to include Cookies+Localstorage like CookieAutoDelete.

Aside from this it also includes a lot of other methods, like ServiceWorkers, Plugin Data and IndexDB data, and Cache data (these are cleaned on browser startup only, not on leaving site, and these do not support the whitelisting rules, so everything gets cleared regardless of site)

Why I am making the suggestion

Because I saw the warning on the Cookie Autodelete plugin, I've been using this as an alternative for CAD for a while now, but seeing a warning on PT saying CAD is not able to delete serviceworker data, I thought it might be good to mention this.

My connection with the software

Just a user who discovered the software searching for something more comprehensive than CookieAutoDelete. mainly using https://samy.pl/evercookie/ as a baseline for how good it does it's cleaning. After opening the site, creating an EverCookie, leaving the site, closing the browser, and opening the site again, all data sources used to try to recover the data it seems to fail.

So it seems to me like it's doing its job really well.

These are the settings I use. FMN Settings

dngray commented 4 years ago

The issue is these things can only be deleted on shutdown. Temporary Containers deletes everything related to the container shortly after it is closed. Therefore Temporary Containers is a superior way of doing this as it doesn't rely on the user to regularly close their browser. Thoughts @Thorin-Oakenpants?

jeroenev commented 4 years ago

@dngray I definitely agree that Temporary Containers is a more comprehensive solution.

But this might be used as a more comprehensive alternative to Cookie AutoDelete, especially on mobile, where containers simply don't exist.

I also think simply whitelisting sites in CAD/FMN is simpler for users than managing FF containers.

ThracianKnight1907 commented 4 years ago

It seems that it's not in active devolpment. Also, there are issues related to containers, like this which are still open. Also the UI doesn't seem that user friendly, at least when I tested it a while ago it took me a while to understand it.

jeroenev commented 4 years ago

Last commit was less than a month ago. And have you seen the settings for Temporary containers? This add-on is not that confusing imho, even if CAD might still be slightly more user-friendly. EDIT: last commit in the version-3b branch was 6 days ago.

ph00lt0 commented 4 years ago

@dngray as far as I know ForgetMeNot does actually clean cookies when you close the tab if you opt for Immediatly as setting.

Thorin-Oakenpants commented 4 years ago

The issue here is not about sanitizing between sessions (and you should use FF's internal settings for that), it's about repeat visits to sites in-session. So that is the first thing I would say: i.e:

FYI: FF77+

They need testing and implementation into web extensions - but be aware that there are still outstanding issues with persistent web storage (but more edge case than anything else) which temporary containers can fix - i.e Origin Attributes cover a lot more - e.g. cache

As for ForgetMeNot, I think it uses a workaround to hack the IDB entries (IDB is used for IDB and service workers), or maybe that was Site Bleacher - IDK - I'm not interested in sanitizing extensions until they at least start to get some parity

Lusito commented 4 years ago

FMN is in active development, but I'm currently rewriting a lot of the code for a version 3 (which includes container support). That's why there haven't been any major changes aside from translations lately.

Just a few notes (beware, FMN is only on Firefox, so I can't say anything about chrome):

The term "on tab close" is not accurate for FMN. It cleans on domain leave. That includes tab close, but also just entering a new domain in the same tab.

FMN can do a lot more than CAD. It's probably that additional stuff that makes it a little less user-friendly, but it gives the user more options. For example, last time I checked CAD only had white and gray lists. FMN can prevent cookies from ever being set.

Browser support for cleaning is currently a bit limited. For example, while I will support container rules in V3, this will be limited to certain scenarios:

All of the above limitations are there because the browser API does not support it (yet). So container-specific rules will be limited in any web-extension. Some extensions even claim to clean things that they actually can't (like SiteBleacher).

So yes, the temporary container solution might fit some use-cases better, since you can remove containers (though I've seen reports, that they leave things behind => only a disk usage problem).

Depending on your use-case there's always going to be better solutions:

They all have drawbacks of course. First party isolation breaks some functionality. Other solutions forget your data completely, so you'll have to login over and over again.

FMN has a specific audience. Those people want fine-grained control over what exactly gets deleted (and when) and what remains.

FMN does not work arround anything using hacks currently. I don't like these kind of hacks, since they are ugly to maintain and they are unreliable.

@Thorin-Oakenpants it's not about the cleaning extensions getting parity, it's mostly about the browser API getting parity. If the browser API had the full power that we need, then it wouldn't take long until the cleaning extensions could catch up.

Lusito commented 4 years ago

BTW, why are containers nonexistent on android? As far as I can tell, the API is complete. The only thing that's missing is a UI for it. You wouldn't need that for temporary containers, facebook container, etc, right?

https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/contextualIdentities

Thorin-Oakenpants commented 4 years ago

it's not about the cleaning extensions getting parity, it's mostly about the browser API getting parity.

Sorry if I was confusing. The point being that extensions don't have the power to do the job fully (yet)


[ localStorage / IDB / SW cache / cache ] can't be cleaned per container either

IANA-WebExt-Expert, and I'm not sure about cache, but the rest are sanitized AFAIK (bugs aside). In a hardened setup, each visit would be a new OA anyway.

source

Temporary Containers only uses one API to remove data, and that is contextualIdentities.remove - which removes all userContextId tagged storage (including IDB). And even if it'd fail to do so, new contextualIdentities couldn't access the same data, since the cookieStoreIds (that's how the attribute is called in the API - it however refers to the userContextId used to OA-tag) are unique as long as the container feature is active.

Depending on your use-case there's always going to be better solutions

Indeed. With TC in hardened mode, there's no need for FPI (except in PBMode where container OA's cannot exist) - and the biggest drawback to FPI is cross-domain login flows (e.g using google to log into youtube). That's where dFPI comes in (which is a cookie setting in FF77+ and is a slightly relaxed FPI, and not as comprehensive (yet but will probably ramp up: e.g FPI covers things like HSTS, DNS cache etc). The bad news is dFPI and FPI are incompatible.


Anyway, I think this discussion is meant to be about CAD and FMN - and that's up to you PTIO peeps - personally I don't recommend any (persistent web storage) sanitizing extensions because there is a superior solution (not just the sanitizing but also the other items being isolated).

FPI and/or TC is not for everyone, so it makes sense to promote CAD or FMN (as well as sanitizing on close). That's up to you guys at PTIO to decide what to do: both need to implement the new cleaning IDB/SW by host, and FMN will soon have container support. My gut feeling is FMN seems like a better choice when ready

@Lusito thanks for responding 👍

Lusito commented 4 years ago

IANA-WebExt-Expert, and I'm not sure about cache, but the rest are sanitized AFAIK (bugs aside). In a hardened setup, each visit would be a new OA anyway.

I meant in the case where you don't delete the entire container but want to delete specific data in a container. At least on Firefox (stable), this is not supported yet (as said, they are working on it). Chrome maybe.

Yes, when you remove a container, it can't be accessed by websites anymore, so that is the only way to safely clean all the data as of now, but it does come with a loss of comfort.

FMN (or similar) still might complement temporary containers, as temporary containers only get cleaned upon removal. FMN can completely deny cookies from ever being set. Preventing tracking within the lifetime of a container.

I like having options (which is why I created FMN in the first place.. the author of CAD is not open for changes if they don't fit his vision).

Let me know if you have more questions.

dngray commented 4 years ago

Option 1: sanitize on close - should suit most users

That's what I had been doing on Android myself, with CAD. I regularly make sure I close my browser when finished.

e.g. some users keep their browser open for days on end

That is one of my main concerns. It's likely this is more of an issue for desktop users, ie ones who hibernate. I suppose with Android users many, would not actually close Fennec, they'd just open some other apps and switch between them.

Well as it is at the moment, we only suggest CAD for Android platforms where you can't run Temporary Containers on Fennec. What I like about Temporary Containers in automatic mode, is it's pretty fool proof, and requires minimal configuration, so its easy to set up.

both need to implement the new cleaning IDB/SW by host, and FMN will soon have container support. My gut feeling is FMN seems like a better choice when ready

That was my feeling as well. I think we might replace CAD with FMN 3 comes out, as it does appear to be more complete and able to clear things other than cookies (afaik that's all CAD can clear).

BTW, why are containers nonexistent on android? As far as I can tell, the API is complete. The only thing that's missing is a UI for it. You wouldn't need that for temporary containers, facebook container, etc, right?

I think the issue is that Temporary Containers requires the ability to create tabs with container backed storage.

FMN can completely deny cookies from ever being set. Preventing tracking within the lifetime of a container.

I currently use umatrix for doing that, in particular news websites that only let you view 3 articles for free. :pirate_flag:..

Thorin-Oakenpants commented 4 years ago

I currently use umatrix for doing that ... [re "denying cookies from ever being set"]

First: it doesn't stop cookies being "set", only "leaving" your computer Second: it only applies to HTTP cookie headers (edit: i.e JS bypasses it)

[1] https://github.com/gorhill/uMatrix/wiki/Cookies

And blocking the cookie via extension, still means other persistent storage is available. For these sorts of sites you are probably better off just blocking cookies via site permissions (this also neuters sessionStorage, localStorage, IDB, service workers) - depends if you sanitize site settings on close. i.e the cookie permission is the master switch for Quota Manager

dngray commented 4 years ago

For these sorts of sites you are probably better off just blocking cookies via site permissions

Yeah I narrowed down it was one specific 1st party cookie causing the issue, when I used uMatrix to block it's creation then I could visit any number of articles.

Lusito commented 4 years ago

FYI there is currently some progress going on in the browsingData API: https://bugzilla.mozilla.org/show_bug.cgi?id=1340511

If https://bugzilla.mozilla.org/show_bug.cgi?id=1353726 gets done next, there might be hope for nice cleaning features.