search

underrobyn / AbsoluteDoubleTrace

A web extension to block browser fingerprinting (Manifest V2)
https://absolutedouble.co.uk/trace/
Other
345 stars 48 forks source link

The add-on plants a cookie #58

Open Rex-0x7CB opened 4 years ago

Rex-0x7CB commented 4 years ago

Describe the bug I noticed that every time I open my browser, a cookie for domain 'absolutedouble.co.uk' is planted. I understand that it's the homepage for this add-on and it might be reaching out to see if there's an update (I haven't read the code yet) but planting a cookie looks suspicious.

To Reproduce Steps to reproduce the behaviour:

  1. Install the plugin
  2. Close your browser (Firefox)
  3. Open your browser (Firefox)
  4. Go to Options>Privacy & Security>Cookies and Site Data> Manage Data
  5. Notice the presence of cookie for domain 'absolutedouble.co.uk'
  6. Delete the cookie manually by selecting it, removing it and saving the changes
  7. Restart the browser and repeat the steps 4 and 5.

Desktop (please complete the following information):

underrobyn commented 4 years ago

Hi,

The cookie is probably a Cloudflare uuid, this is set by Cloudflare and not me when you connect to absolutedouble.co.uk for blocklist updates and error reporting.

As stated in the privacy policy:

Like many websites, AbsoluteDouble uses Cloudflare, please make sure you agree to their privacy policy before browsing this website. If you do not agree to the privacy policy and still wish to use Trace, you can turn off error reporting and the web request controller to stop all communication with absolutedouble.co.uk.

The reason for my use of Cloudflare is simply due to the fact that the website and addon get a lot of traffic, without it my server would be much slower.

I'm not doing any tracking of users and take issues like this very seriously. I will be looking into ways of stopping the cookie from being set on Trace's subdomain if people would be interested in that.

Thanks

Rex-0x7CB commented 4 years ago

@jake-cryptic : I'm not suggesting that you track users. You've created an incredible add-on to stop exactly that from happening and I really appreciate your effort for that. I'm merely saying that having an add-on that plants a cookie looks suspicious, especially in a privacy-oriented community like ours.

Since the cookie is planted in your domain's name, it taints your domain's reputation even if it's Cloudflair's job!

I thank you again for responding quickly and taking the matter seriously and I look forward to having this issue fixed.

Cheers and peace!