forget-me-not icon indicating copy to clipboard operation
forget-me-not copied to clipboard

Published 20 hours ago verified publisher icon Lusito

Deleting cookies with FF 86.0

Open ghost opened this issue 4 years ago • 4 comments

forget-me-not does not delete all cookies when the new FF function "Total Cookie Protection" is active. Some cookies remain stored (e.g. Google, Wikipedia), some are not. Everything works flawlessly when switching back to the old container model privacy.firstparty.isolate.

MX-Linux 19.3 ahs x64 (based on Debian 10) Firefox 86.0

ghost avatar Feb 24 '21 18:02 ghost

Just to show an example:

Bildschirmfoto_2021-02-28_10-19-20

ghost avatar Feb 28 '21 09:02 ghost

Yes, I have the same problem when using TotalCookieProtection with Firefox 86(Settings->Privacy->Enhanced tracking protection->Strict). This issue does not related to ForgetMeNot exclusively, other cookies addons such as CookieAutoDelete do not work correctly either. I cannot even manually remove cookies with CookieQuickManager, only Firefox built-in cookie manager lets me do that. I guess, when using strict protection, Firefox 86+ uses new API for cookie management which is not supported by classic extensions yet.

Alexey104 avatar Mar 15 '21 11:03 Alexey104

I'm using "total cookie protection" (by enabling "Strict" tracking protection), and am also noticing problems with cookies not being deleted, I guess they are related but I haven't tested. It's only some cookies, and yes, any Wikipedia site cookies, plus any Stackexchange-related cookies and a few others are not removed, while other sites like Apple.com are. Firefox 89 and 90.

ElhemEnohpi avatar Jul 15 '21 12:07 ElhemEnohpi

The new "dynamic first party isolation" as used in "strict" mode isn't supported by the web extensions apis yet for cross-site cookies that are allowed by it, most often for legitimate cross-site login services like Wikipedia uses. This affects all cookie-deleting extensions. It's something Mozilla needs to fix first, and it's being worked on. It's not clear yet whether or not extensions will require changes when it's finished.

Using "custom" mode and selecting "cross-site tracking cookies" instead of "cross-site cookies" will work, but is less strict. You can still use the older non-dynamic first party isolation from Tor, which is more strict than the dynamic one but breaks some things like legitimate cross-site login services, by enabling the privacy.firstparty.isolate preference in about:config. Changing between settings may or may not lead to you tossing your cookies.

Firefox bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1669716 Same issue for Cookie Auto-Delete: https://github.com/Cookie-AutoDelete/Cookie-AutoDelete/issues/807

ElhemEnohpi avatar Aug 14 '21 16:08 ElhemEnohpi