Any Add-on to shred cookies without closing Firefox?

Discussion in 'privacy technology' started by zmechys, Mar 17, 2013.

Thread Status:
Not open for further replies.
  1. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    I'm trying to find an add-on for Firefox (or for Internet Explorer) that could SECURELY SHRED cookies and browsing history without closing the browser? All helpful add-ons simply remove/delete cookies but not shredding them.
     
  2. jo3blac1

    jo3blac1 Registered Member

    Joined:
    Sep 15, 2012
    Posts:
    739
    Location:
    U.S.
    I don't know about securely but Self Destructing Cookies is one extension that would work.
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ zmechys

    Hi, you might not need one, as you can achieve that from within FF ;)

    1.png 2.png
     
  4. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    I'm looking for ANY ADD-ON TO SHRED COOKIES AND HISTORY WITHOUT CLOSING FIREFOX, or any browser.

    I'm not trying to find an add-on to remove cookies and history.
    I want to be able to use something like, Advanced Overwrite (3 times), or Empty cookies/history without a trace with Privazer, etc...

    When you delete cookies/history, they don't go to recycle bin, that you could shred with Privazer.

    For some reason, I cannot find any add-on or any program that could SECURELY SHRED cookies and browsing history without closing the browser.
     
  5. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ zmechys

    Sorry i misread your post :(

    Be nice if we could find something though ;)
     
  6. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    I've asked Privazer, but they immediately said, "NO".
     
  7. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    For Firefox, the reason is very simple. Cookies and history are not stored inside a normal file, but inside a Sqlite database. And shredding data stored inside a database is not as simple as shredding data inside a normal file. Also, while Firefox is running, it has a lock on the database, so no other tool is able to access it.
     
  8. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    If so, let me ask you the following question.

    If I go to "Options" - "Privacy" - "Show cookies" - and delete all cookies by clicking on "Remove all cookies", what happens to cookies?
    They are not visible any more in the "Show cookies" window.
    Also, I need to sign in again.

    What happens if I go to "History" - "Clear recent History" - and click on "Clear Now"?
    I cannot see my browsing history anymore.
     
  9. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    From what Nebulus describes, if Firefox locks the database then it's not accessible to other applications on your computer. That wouldn't necessarily prevent Firefox itself from accessing it though. So when you go to removal all cookies, it's Firefox removing cookies from a database its currently managing. Similar to how you can't rename an open word document by right clicking and renaming it. You would have to either save it as something new or do it from within Microsoft word. So cookie management via a Firefox add-on might be the only way to go about doing this other then the web browser itself.
     
  10. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    This is correct. Firefox has (obviously) full access to the databases, otherwise it wouldn't be able to read/write to them. But Firefox is just giving a command to delete cookies or history, and the Sqlite engine is actually deleting the data. So if you would want a secure erase, it would need to be implemented into Sqlite (which is not likely to happen, because this is not its purpose).
     
  11. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    At this moment, I don't care about Sqlite file. Why?
    It's a "dead" log sheet, that WILL be safely erased with Privazer or any other respected cleaner immediately when my Internet session is over.

    Let's use an analogy.

    Sqlite file - it's like a "customer log sheet" on the cruise-vessel, "Firefox".
    Clerk/computer entered the name of the customer Cookie 1, Cookie 2, etc...
    It's only a log that will be securely destroyed in due time.

    It's not a noisy, nosy, obnoxious, always-chatting, etc... customer Cookie 1, or Cookie 2 constantly talking on the cell-phone to someone somewhere, reporting everything that's happening on the vessel, Firefox.

    I'd like to safely remove the cell-phones (cookies) of those chatty customers, securely erase all the data from those cell-phones (cookies), not just simply archive them with all the phone information left intact.

    Again, cookies and browsing history is very easily removed using various Add-ons. I just want them to be securely shredded. That's it.
     
  12. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    Probably won't satisfy you, but you can install SQLite Manager :: Add-ons for Firefox

    With it you can open the cookies.sqlite database and Compact the database which purges deleted records. You could do this with any of the sqlite databases Firefox uses.
     
    Last edited: Mar 20, 2013
  13. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Please, reread my answer or try to understand how a database engine works. Sqlite file is not just a file, it's holding the entire database structure. If you remove it completely by shredding it, all the information inside will disappear. But it is not possible to securely erase only a PART of the information, and certainly not from outside Firefox.
     
  14. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    Nebulus, thank you for your response.

    Just for for entertainment purposes only, let's do very simple steps for me to understand about cookies.

    When I go to Options - Show cookies, I see the following picture:
    Cookies 1.PNG

    I click on Remove All Cookies, and I get the following picture:
    NoCookies.PNG

    What happened to my cookies? Where are those deleted cookies? Where are they stored right now?


    Why do I need to log-in again in order to post this comment?

    Next, I decided to Clear Recent History:

    ClearHistory.PNG

    Now, I cannot go back to my previous web-page.
    Why?
    Where are the web-sites I've just visited?
     
  15. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    OK, I'll try to go into more details, maybe I can manage to make myself understood :)

    Let's consider cookies. When a site wants to add a cookie, Firefox will issue a command to the Sqlite database engine (let's call that command "ADD COOKIE x", because I don't want to go into the SQL internals). That command will add the "COOKIE x" to a database. Note that this is not the same as simply adding the cookie to the file, the process is a bit more complex.
    You continue to navigate, and more "ADD COOKIE" commands will be issued, and more cookies will be stored. Now, you decide to delete one of the cookies. When you press the corresponding button, Firefox will issue a command like "DELETE COOKIE x", and the database engine will interpret it and remove the cookie from the storage. When you press the "Remove all cookies" button, Firefox will iterate through all cookies and remove them one by one using "DELETE COOKIE x" commands.

    The problem here is that "ADD COOKIE" and "REMOVE COOKIE" commands are not under Firefox's control, they are Sqlite database engine commands. If Sqlite engine supports just those two commands (it's an over-simplification of the real case), you will not be able, for instance to issue an "EDIT COOKIE x" command, no matter how much you would like to edit a cookie!

    Here comes your problem: Firefox can tell the database engine to remove a cookie, but because the engine doesn't know how to secure-erase it (it was not built for this purpose), it will delete it the way it knows. In order to achieve what you want, you would need to modify the database engine I used in the example above by adding a "SHRED COOKIE x" command. Note that this is not a change in Firefox, but in one of the libraries (sqlite) that Firefox builds on. This is the reason why creating an extension that secure erases only some cookies is nearly impossible.
     
  16. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    I've really learned something. Thank you Nebulus.

    Who/what controls Sqlite engine? Who/what writes the commands for it?
    Could the cookies be removed to Recycle Bin? Where are the deleted cookies going in the memory and why?
    Could Sqlite use the command "Update" and add something to a cookie in order to neutralize it and later shred it later with Privazer?
     
  17. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    I'm not familiar with Sqlite, but if it does it's job properly then they are gone and not stored anywhere. Problem with hard drives is that when something is deleted it is gone in the Operating System but may still physically exist on the hard drive's platter until overwritten with other data, that's what secure removal/shredding is for.

    Because your login information is saved in the cookie. Just because companies often abuse cookies for tracking purposes doesn't mean cookies are inherently evil.
    You can't go back to your previous web-page because the browser doesn't know the previous web-page because you just deleted your browsing history.
     
  18. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    Let's start learning about Firefox cookies.
    I've started Firefox without Sandboxie.
    (Temporarily, no attention to SQLite Manager - a plugin for Firefox)

    Firefox shows that I have three cookies:

    VisibleCookies.PNG

    Next, I went to APPDATA\Mozilla\Firefox\Profiles, and found the file, cookies.sqlite.
    "Cookies: A cookie is a bit of information stored on your computer by a website you’ve visited. Usually this is something like your site preferences or login status. Cookies are all stored in the cookies.sqlite file."
    http://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data

    CookiesBeforeDelete.PNG

    Of course, I could not delete it; therefore, I opened it , "Selected All", and deleted everything.

    Sqlite_AfterDelete.PNG

    Next, I went to Firefox Options - Show cookies, but all three cookies were there.

    My cookies.sqlite file shows 0 KB, but the cookies are still visible.

    Where are they hiding?

    Thirteen minutes later, I checked the cookies.sqlite file. It still showed 0 KB.

    Sqlite_AfterDelete_2.PNG

    At this moment, cookies.sqlite does not have any info, but Firefox shows cookies.
    Where are those cookies hidden?

    P.S. For the time being, I'm going to use Firefox with Sandboxie.
    It means that any deleted cookies or browsing history won't leave the Sandboxie folder, and will be deleted with Eraser when I close Sandboxie.
    No need to invent anything, just use Sandboxie.
     
    Last edited: Mar 20, 2013
  19. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Question:

    Is there a reason some members choose *not* to run Firefox Portable out of a TrueCrypt Container? No need to worry about 'shredding'. There is zero slow-down on my machines. Just curious.

    PD
     
  20. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    Nebulus,

    Could you, please, clarify a few things about Sqlite Cookie Database?

    If I am correct, SQLite creates Temporary Databases:
    http://www.sqlite.org/inmemorydb.html

    "When the name of the database file handed to sqlite3_open() or to ATTACH is an empty string, then a new temporary file is created to hold the database.
    A different temporary file is created each time, so that just like as with the special ":memory:" string, two database connections to temporary databases each have their own private database. Temporary databases are automatically deleted when the connection that created them. closes."

    We all know what it means, "a file is automatically deleted" and waiting to be overwritten.

    Next, what is the deal with "cookies.sqlite-wal" and "cookies.sqlite-shm" files?

    CookiesAdds.PNG
     
  21. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Yes, some of us are not paranoid enough :D

    No, Sqlite CAN create temporary databases, or even in-memory databases, but Firefox uses normal, on-disk databases.
    As for .sqlite-wal and .sqlite-shm, they are log files used by Sqlite, andy yes, they might contain sensitive information, and yes, they are automatically deleted, with all the inconveniences related to this action. To avoid any privacy problems, I'm afraid that the only viable way is to use PaulyDefran's idea to encrypt at least the Firefox profiles folder...
     
    Last edited: Mar 21, 2013
  22. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    Or use Firefox with Sandboxie!

    P.S. I've never thought that serious computer specialists could be really funny.
     
  23. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    zmechys, I don't feel the need to encrypt the Firefox profile folder, but you seemed pretty concerned about privacy issues, that's why I suggested you to follow PaulyDefran's idea :)
     
  24. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    471
    Location:
    usa
    No, I'm not "pretty concerned" about privacy issues.
    For the "pretty concerned", we have a different thread called,
    "How to achieve true online anonymity"
    https://www.wilderssecurity.com/showthread.php?t=343615

    I'm just asking questions while trying to learn something.
    Your answers provided a good "guiding light" for me.
    Thank you.
     
  25. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,095
    I use the Firefox add-on SQLite Manager 0.7.7 which lists each cookie. When added to Firefox, just select from Firefox main menu bar: Tools>SQLite Manager to bring up the SQLite Manger control window. Manimize it, and then select moz_cookies to Browse for them.

    -- Tom
     
Loading...
Thread Status:
Not open for further replies.