Mozilla Connect

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

Such an option should be implemented in Firefox browser, it would increase the security of cookies.

thanks for you@Jon 

Never thought about this. Makes a lot of sense.

It's interesting. Each of these is stored in a different way:

Cookies: Cookie data is stored in your main (root) profile folder in a database named cookies.sqlite. A database engine in Firefox manages the contents of that file, and during normal operation, creates two companion temporary/journaling files.

Someone familiar with SQLite hopefully can make suggestions about scrubbing data in case it is possible for forensic software to reconstruct deleted cookies. For example, should the database be packed/vacuumed to squeeze out any lingering data? Should cookie values be replaced with gibberish as part of deletion?

Cache: HTML, script, style, and image files saved during visits to sites are stored in the local companion folder to the profile folder. Some of these elements are combined into a large file while others are stored individually in numerous subfolders.

When individual files are removed from cache, either at the user's direction or during normal operation, I believe these are "permanently deleted" bypassing the system trash/recycle folder. However, that doesn't mean that forensic software couldn't reconstruct some of those files.

For deleted files, running a system-level tool that scrubs empty areas of disk that might contain traces of deleted files probably would be more efficient than what Firefox could do. However, that's just a guess.

Thank you for the suggestion.  Just to be clear, are you asking for something above and beyond what this setting in Firefox does?

I think what they said was clear. To not let the operative system to handle the deletion of files however it wants, but make sure that the blocks where the files were written get totally wiped out or scrambled.

And if this is possible (because Firefox runs in multiple file systems, operative systems, etc), at least implement an option that moves the files to the operative system's trash/recycle bin (or a designated directory if the OS lacks that) so we can manually safe-delete the cached files at the end of the session.

Edit not: multiple typos

thanks everyone for the comments

thanks @mconca  this will not make the data deleted securely so any software can retrieve it and @Ekol is correct about what i meant

thanks @Ekol  for helping to explain it

thanks again for everyone and have a nice day 🙂

Hello @jscher2000

thanks for sharing your thoughts 🙂 

here what i found about the sqlight secure delete option

first it need to be compiled with that option to be available
https://sqlite.org/compile.html#secure_delete
and here the option we need to set

https://sqlite.org/pragma.html#pragma_secure_delete

but according to this https://www.oreilly.com/library/view/using-sqlite/9781449394592/re26.html

it can not be sure of the underlying storage if securely deleted or not
of course if you encrypt the whole drive then we would need to decrypt the drive first then do the drive scan to retrieve it but for low end device using encrypted storage in hdd hit the performance of the machine

keep in mind different financial capability of users

hope that explain it in better way and have a nice day 🙂

Hello @jscher2000 

thanks for your thoughts 🙂

the sqlight would need to be compiled with this option

https://sqlite.org/compile.html#secure_delete

and there extra option when it enabled
https://sqlite.org/pragma.html#pragma_secure_delete

but according to this

https://www.oreilly.com/library/view/using-sqlite/9781449394592/re26.html

there not guarantee of the underlying storage behave

hope that explain it and have a nice day 🙂

Hello,

I would like to name this feature "cookie shredding"

Here is how it would be implemented

First make sure any stored cookies are stored in forward secret storage (each time the database is encrypted, it uses a new key based on an old key, breaking this key does not compromise past or future versions, see OMEMO encryption and the double ratchet mechanism)

Next when cookies are decrypted they should be kept in a secure space in ram and when cookies get deleted from that space, the space should be overwritten with multiple data shredding pattern

regarding file shredding see DoD 5222.2M, NIST 800-88 / nwipe / shredos and the earlier project DBAN

It might make sense to store critical cookies in UEFI or even the TPM chip (although I disabled my TPM chip)

The best place to store secure cookies would be a smartcard or contactless smartcard, this is storage that cannot be dumped without the appropriate authentification