Closed Bug 1206001 Opened 9 years ago Closed 5 years ago

Forget About This Site doesn't clear third-party data

Categories

(Toolkit :: Data Sanitization, defect)

Product:
Toolkit
Component:
Data Sanitization
Version:
40 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: kolubat, Unassigned)

Details

(Keywords: privacy) 

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:40.0) Gecko/20100101 Firefox/40.0
Build ID: 20150511030203

Steps to reproduce:

As an example, I did this (first case):

1) Delete the folders from the #SharedObjects folder pertaining to (presumably NSFW) ss.phncdn.com

2) Visited a video on (also NSFW) Pornhub.com

3) Closed the tab

4) Right clicked on the video's entry in the History sidebar and chose "Forget about this site".




Actual results:

After doing that, I looked in the #SharedObjects folder, and the ss.phncdn.com folder had been recreated and not deleted.

Another example of the issue, second and third cases: Blocking cookies on www.pornhub.com and ss.phncdn.com still created the folder, as does setting "Accept third-party cookies: Never".

Fourth case: Setting "Keep cookies until I close Firefox" also creates and keeps the local storage file.


Expected results:

The folder should be gone, since in the first case there is no evidence shown in the History that the site was ever visited.

In the second and third cases, the user would likely assume that the folder does not exist, as well. In the fourth case, the user would likely assume that the folder was removed after closing Firefox.

While not an issue for me personally since I don't have significant privacy concerns regarding this, it seems to me that it may accidentally compromise other users' privacy.

Thank you for the wonderful browser!


—This bug discovery was not all my work; extensive help was given by others, for which I am most grateful.
This report conflates two issues in one. I'm editing it so it's just about the first; please file a separate report for the second, then post the bug number here.

1. “Forget About This Site” doesn't clear third-party data.

2. Options/Preferences → Privacy has no effect on Flash LSOs. This may be a duplicate of bug 645080, though I don't know if that also covers fine-grained control via exceptions. Such reports seem to be getting duped to bug 290456, although it definitely doesn't cover the cases in the other reports.

(In reply to kolubat from comment #0)
> Fourth case: Setting "Keep cookies until I close Firefox" also creates and
> keeps the local storage file.

You can instead check “Clear history when Firefox closes”, click the Settings button, then check Cookies.

If you need more fine-grained control, you can use the BetterPrivacy add-on.
https://addons.mozilla.org/firefox/addon/betterprivacy/
Component: Untriaged → Forget About Site
Keywords: privacy
OS: Unspecified → All
Product: Firefox → Toolkit
Hardware: Unspecified → All
Summary: Confusing behavior regarding Flash local storage deletion → Forget About This Site doesn't clear third-party data

Yes, sorry, there's a limit to how much forget about this site can delete. The Keep Cookies Until setting should correctly delete localStorage by now.

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.