The default bug view has changed. See this FAQ.

Clear plugin data in "clear private data"/"forget about this site"

RESOLVED FIXED

Status

()

Firefox
Private Browsing
--
enhancement
RESOLVED FIXED
12 years ago
6 years ago

People

(Reporter: Philip Chee, Assigned: dwitte@gmail.com)

Tracking

({privacy})

Trunk
privacy
Points:
---
Dependency tree / graph
Bug Flags:
blocking-firefox3 -

Firefox Tracking Flags

(blocking2.0 -)

Details

(Whiteboard: [sg:want], URL)

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8a6) Gecko/20050111 MultiZilla/1.8.0.0a Mnenhy/0.7.2.0
Build Identifier: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:1.8a6) Gecko/20050111 MultiZilla/1.8.0.0a Mnenhy/0.7.2.0

Flash "cookies" or "persistent identification elements" aka PIE are actually
Flash MX shared local objects.  To quote the article:

"When a consumer goes to a PIE-enabled website, the visitor's browser is tagged
with a Flash object that contains a unique identification similar to the text
found in a traditional cookie. In this way, PIE acts as a cookie backup, and can
also restore the original cookie when the consumer revisits the site."

Please consider blocking these kinds of "cookies" too.

I'm sure that there must be a duplicate bugzilla bug in here somewhere but I
can't find it.

Reproducible: Always

Steps to Reproduce:
(Reporter)

Comment 1

12 years ago
Update: there is an extension for Firefox that does this:
<http://www.yardley.ca/objection/>

"What is 'objection'?

objection is an extension for Firefox that adds deletion of Local Shared Objects
to the Option > Privacy panel."

It would be nice for this feature to be integrated into firefox.
that page made it clear that this is handled entirely in the plugin. thus, it is
completely out of the scope of the networking library. -> ffox frontend

(Hm... comment 0 says you are using mozilla, not firefox?)
Assignee: darin → firefox
Component: Networking: Cookies → General
Product: Core → Firefox
QA Contact: networking.cookies → general
Summary: [Enh] Block Flash MX "cookies" as well → Block Flash MX "cookies" as well
(Reporter)

Comment 3

12 years ago
 Christian Biesinger (:bi) wrote:

> (Hm... comment 0 says you are using mozilla, not firefox?)

I'm from the Flashblock team so I use both for testing. I opened this bug
because someone in the flashblock mailing list asked us to block flash cookies
as well.  I thought that this was more appropriate as part of firefox/seamonkey
instead of an extension - then several minutes later I find the "objection"
extension while looking for something else.

Grrr.  The author of objection totally replaces PrivacyPanel.clearAll() instead
of handing off to the original after processing the LSOs.

Comment 4

12 years ago
*** Bug 298825 has been marked as a duplicate of this bug. ***

Comment 5

11 years ago
I don't see a dupe of this bug, marking as new.

Updated

11 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee: bross2 → nobody

Updated

10 years ago
Duplicate of this bug: 383320
Duplicate of this bug: 399724
(Assignee)

Updated

10 years ago
Summary: Block Flash MX "cookies" as well → Block/clear Flash MX "cookies" as well
(Assignee)

Updated

10 years ago
Duplicate of this bug: 400934
Flags: blocking-firefox3?
Whiteboard: [sg:want]
Keywords: privacy
Duplicate of this bug: 414478
(Reporter)

Comment 10

9 years ago
There is no patch. And even if there were, it would have i18n impact. I think it's too late in this cycle to block.
(Reporter)

Comment 11

9 years ago
Updated link to the Objection extension (Delete Flash Local Shared Objects):
http://objection.mozdev.org/
Not blocking, far too late for changes of this type.
Flags: blocking-firefox3? → blocking-firefox3-

Comment 13

9 years ago
Surely there are other plugins that store private data. Shouldn't we simply have a "Plug-in data" checkbox in the Clear Private Data... window? Why clear just cookies and leave other private data on disk?
(Reporter)

Comment 14

9 years ago
Is there a universal "clear plugin private data" API or does each plugin do things differently? If the latter I don't see how it would be practical to build in awareness of any and all plugin data handling not just for currently existing plugins but for any hypothetical future plugins from some obscure developer in Upper Moldavia. 

Comment 15

9 years ago
There doesn't have to be a consistent API for Firefox to do its best for the common ones, Flash, Java, QuickTime, WMP, Acrobat and a few others.
(Reporter)

Comment 16

9 years ago
(In reply to comment 15)
> There doesn't have to be a consistent API for Firefox to do its best for the
> common ones, Flash, Java, QuickTime, WMP, Acrobat and a few others.

In that case I suggest that having a "Plug-in data" checkbox in the Clear Private Data dialog would give a wrong impression, not to mention a false sense of security to the average mom'n'pop user who doesn't realise that this only clears data from popular plugins. Unless of course you change it to a "Some Plug-in data" checkbox.

Comment 17

9 years ago
Philip, no more misleading than our current "clear cookies" or "clear offline website data" (and probably others) neither of which are cleared in certain plugin cases.  You're making perfect the enemy of good here.  We can probably never get everything and we can't be 100% accurate in our labeling without making the dialog unusable. 
(Reporter)

Comment 18

9 years ago
> You're making perfect the enemy of good here.

Asa, normally I'd agree with you (i.e get something working first, worry about perfection later), but one of our "selling points" is that Firefox does security better than that other browser so I want to be more cautious when it comes to this type of issue. But I'll defer to the security and UI people who know more about these sort of things.

Updated

8 years ago
Duplicate of this bug: 471331

Updated

8 years ago
Component: General → Private Browsing
QA Contact: general → private.browsing

Comment 20

8 years ago
Hi just wanted to let y'all know, the objection plugin is not compatible with 3.5. Thus the workaround no longer works.
(Reporter)

Comment 21

8 years ago
https://addons.mozilla.org/en-US/firefox/addon/6623

BetterPrivacy 1.29
Works with Firefox: 2.0 – 3.6a1pre

Updated

8 years ago
Blocks: 508068

Comment 22

8 years ago
Hi,

we (Adobe) are planning on supporting private browsing in Firefox and other browsers in a forthcoming Flash Player release.

additionally, we would welcome an NPAPI addition that would be called when a user wants to clear their private data. this is in our future plans also, but would likely happen a lot faster if this was implemented by Mozilla, rather than us having to write the patch for it ourselves.

Comment 23

8 years ago
also PLEASE do not try to clear LSO's in the browser code - imo this is something that should be handled by plugins themselves via an NPAPI addition.

Comment 24

8 years ago
Ian

Does Adobe have somewhere where interested people can contribute to discussion on the implementation? There are some, in my opinion, very complex issues that Adobe will have to overcome.

I have been looking at implementing Private Browsing mode support into Objection and the only solutions I came up with could create big problems for the user.

Updated

8 years ago
Depends on: 508167

Comment 25

8 years ago
Linux users or extension developers may wish to know that the popular swfdec plugin stores site information in the file ~/.config/swfdec-mozilla (or similar).

Updated

7 years ago
Private browsing in Flash Player 10.1
http://www.adobe.com/devnet/flashplayer/articles/privacy_mode_fp10.1.html

Adobe Flash Now Supports InPrivate Browsing
http://blogs.msdn.com/ie/archive/2010/02/11/adobe-flash-now-supports-inprivate-browsing.aspx

Comment 27

7 years ago
Ian -

With Private Browsing, it looks like Adobe has decided to ask the browser if it is in Private Browsing and choose its mode based on that, correct?

Also, I don't see anything in https://bugs.adobe.com for allowing the browser to tell Flash what to clear.

All -

If this bug was specifically for Firefox Private Browsing, then I'd say it is resolved and a separate bug is needed for regular browsing.

Comment 28

7 years ago
Chrome now allows the user to clear Flash cookies. Their idea might be worth checking out: http://www.imasuper.com/640/technology/chrome-adds-links-to-clear-adobe-cookies/

Their solution is not complete, but at least a first step towards some control.

Updated

7 years ago
Flags: blocking1.9.0.19?
Flags: blocking1.9.0.19?

Updated

7 years ago
Blocks: 565561

Updated

7 years ago
blocking1.9.1: --- → ?
blocking1.9.2: --- → ?
blocking2.0: --- → ?

Updated

7 years ago
Component: Private Browsing → Security
QA Contact: private.browsing → firefox
(Reporter)

Comment 29

7 years ago
> obsolete.fax@gmail.com changed:
>
>           What    |Removed                     |Added
> ----------------------------------------------------------------------------
>          Component|Private Browsing            |Security
>          QAContact|private.browsing@firefox.bu |firefox@security.bugs
>                   |gs                          |

Please don't randomly change component and flags if you don't know what you are doing.
blocking1.9.1: ? → ---
blocking1.9.2: ? → ---
blocking2.0: ? → ---
Component: Security → Private Browsing
QA Contact: firefox → private.browsing

Comment 30

7 years ago
(In reply to comment #29)
> > obsolete.fax@gmail.com changed:
> >
> >           What    |Removed                     |Added
> > ----------------------------------------------------------------------------
> >          Component|Private Browsing            |Security
> >          QAContact|private.browsing@firefox.bu |firefox@security.bugs
> >                   |gs                          |
> 
> Please don't randomly change component and flags if you don't know what you are
> doing.

I changed component from (In reply to comment #29)
> > obsolete.fax@gmail.com changed:
> >
> >           What    |Removed                     |Added
> > ----------------------------------------------------------------------------
> >          Component|Private Browsing            |Security
> >          QAContact|private.browsing@firefox.bu |firefox@security.bugs
> >                   |gs                          |
> 
> Please don't randomly change component and flags if you don't know what you are
> doing.

I changed component from Private Browsing to Security because there is no Private Browsing component in 3.0.19. I changed to Security, as then websites can see what Flash cookies are there (what websites you have visited.)
(Reporter)

Comment 31

7 years ago
mconnor has already minused blocking-firefox3-. Don't renominate bugs for a branch that have already been denied by drivers.

This is a privacy issue not a security issue. Please don't confuse the two concepts.

There are no patches here. Nobody is working on this bug - See the Assigned to field. It is useless nominating bugs such as this without a clear plan, without clear goals, without any working patches. If you want to discuss this issue please do it in the mozilla forums e.g. newsgroup mozilla.dev.apps.firefox rf the associated mailing list.

Updated

6 years ago
Duplicate of this bug: 614225

Comment 33

6 years ago
Presumably this missed 4 but I see no way to nominate for 4.next so giving blocking2.0? a shot.  (btw, implemented in Chrome here http://codereview.chromium.org/5579002/ )
blocking2.0: --- → ?
Looks like they did it by making modifications to the version of Flash that they ship, which we can't really do at the moment. We can't block 2.0 on this at this point.
blocking2.0: ? → -
(Assignee)

Comment 35

6 years ago
The NPP_ClearSiteData API is being finalized right now, and given Adobe's interest they'll likely implement it fairly quickly. We should get started on the Firefox code to aid in their testing, with an eye to roll this out in a point release.
(Assignee)

Comment 36

6 years ago
Changing summary to better describe what we're actually going to do here. (If we want a separate bug on clearing plugin data when you clear cookies, we should file one, but I don't have a strong opinion right now. I think this will be better solved with the new site preferences/history UI in the works.)
Assignee: nobody → dwitte
Summary: Block/clear Flash MX "cookies" as well → Clear plugin data in "clear private data"/"forget about this site"
(Assignee)

Updated

6 years ago
Depends on: 618461
I suspect that this bug will become a meta, since it's about "plugin data" now and bug 618461 is just about Adobe Flash. That's probably OK. I'm going to open a new bug for the UI hookup for Flash.
For those interested:

Bug 625495 - Clear Adobe Flash Cookies (LSOs) when Clear Cookies is selected in the Privacy > Custom > Clear History When Firefox Closes > Settings... dialog

Bug 625496 - Clear Adobe Flash Cookies (LSOs) when Cookies is selected in Clear Recent History

Bug 625497 - Clear Adobe Flash Cookies (LSOs) when "Forget This Site" is selected
(Assignee)

Comment 39

6 years ago
Fixed by bug 508167 and the above.
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Duplicate of this bug: 636381

Updated

6 years ago
Duplicate of this bug: 665384
You need to log in before you can comment on or make changes to this bug.