Justsomeone
Making moves
Status: New idea

Hello everyone

Since the cache and cookies we get after using different sites include a lot of sensitive data, in my humble opinion there should be an option built into the browser to securely delete them, so that if we clear them manually, or someone sets them to be cleared each time the browser is closed, they get deleted and cannot be recovered.

Or at least the cache/cookies could be sent to the recycle bin / trash, and the user would have the option to either delete them normally or use a third-party app to delete them in a secure way.

Although I prefer the first option, the second one could be used until the first one is implemented, if it is considered a valuable idea.

Thanks for taking the time to read this, and have a nice day 🙂

11 Comments
Status changed to: New idea
Jon
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

zety
Strollin' around

Such an option should be implemented in the Firefox browser; it would increase the security of cookies.

Justsomeone
Making moves

Thank you @Jon

Ekol
Strollin' around

Never thought about this. Makes a lot of sense.

jscher2000
Leader

It's interesting. Each of these is stored in a different way:

Cookies: Cookie data is stored in your main (root) profile folder in a database named cookies.sqlite. A database engine in Firefox manages the contents of that file, and during normal operation, creates two companion temporary/journaling files.

Someone familiar with SQLite hopefully can make suggestions about scrubbing data in case it is possible for forensic software to reconstruct deleted cookies. For example, should the database be packed/vacuumed to squeeze out any lingering data? Should cookie values be replaced with gibberish as part of deletion?

Cache: HTML, script, style, and image files saved during visits to sites are stored in the local companion folder to the profile folder. Some of these elements are combined into a large file while others are stored individually in numerous subfolders.

When individual files are removed from cache, either at the user's direction or during normal operation, I believe these are "permanently deleted" bypassing the system trash/recycle folder. However, that doesn't mean that forensic software couldn't reconstruct some of those files.

For deleted files, running a system-level tool that scrubs empty areas of disk that might contain traces of deleted files probably would be more efficient than what Firefox could do. However, that's just a guess.

mconca
Employee

[attached screenshot: Delete.png]

Thank you for the suggestion. Just to be clear, are you asking for something above and beyond what this setting in Firefox does?

Ekol
Strollin' around

I think what they said was clear: don't let the operating system handle the deletion of files however it wants, but make sure that the blocks where the files were written get totally wiped or scrambled.

And if this is possible (because Firefox runs on multiple file systems, operating systems, etc.), at least implement an option that moves the files to the operating system's trash/recycle bin (or a designated directory if the OS lacks one) so we can manually safe-delete the cached files at the end of the session.

Edit note: multiple typos

Justsomeone
Making moves

thanks everyone for the comments

Thanks @mconca. This will not make the data be deleted securely, so any software can retrieve it, and @Ekol is correct about what I meant.

thanks @Ekol  for helping to explain it

thanks again for everyone and have a nice day 🙂

Justsomeone
Making moves

Hello @jscher2000

Thanks for sharing your thoughts 🙂

Here is what I found about the SQLite secure delete option.

First, it needs to be compiled with that option for it to be available:
https://sqlite.org/compile.html#secure_delete
And here is the option we need to set:

https://sqlite.org/pragma.html#pragma_secure_delete

But according to this: https://www.oreilly.com/library/view/using-sqlite/9781449394592/re26.html

it cannot be certain whether the underlying storage securely deleted the data or not.
Of course, if you encrypt the whole drive, then we would need to decrypt the drive first and then do the drive scan to retrieve it, but for a low-end device, using encrypted storage on an HDD hurts the performance of the machine.

Keep in mind the different financial capabilities of users.

I hope that explains it in a better way, and have a nice day 🙂

Justsomeone
Making moves

Hello @jscher2000

Thanks for your thoughts 🙂

SQLite would need to be compiled with this option:

https://sqlite.org/compile.html#secure_delete

And there is an extra option when it is enabled:
https://sqlite.org/pragma.html#pragma_secure_delete

But according to this:

https://www.oreilly.com/library/view/using-sqlite/9781449394592/re26.html

there is no guarantee of how the underlying storage behaves.

I hope that explains it, and have a nice day 🙂
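The two questions raised in this thread about the cookie database, whether the SQLite secure_delete pragma actually removes a deleted value from the file and whether packing/vacuuming the database squeezes out lingering data, can be checked directly. The script below is an added example written for this page; it is not code from any participant in the thread or from Firefox. The table name moz_cookies, the sample rows and the SECRET-TOKEN marker are constructed for the demonstration. It inserts a few cookie-like rows, deletes the sensitive one, closes the database and then searches the raw file bytes for the deleted value under three strategies: a plain delete, a delete with PRAGMA secure_delete = ON, and a plain delete followed by VACUUM.

```python
import os
import sqlite3
import tempfile

# Constructed sample rows in the shape of a cookie table (not Firefox's real schema).
# The session value is a unique marker so that a byte search cannot hit by accident.
SECRET_MARKER = b"SECRET-TOKEN-7f3a9c1e"
SAMPLE_COOKIES = [
    ("example.test", "sessionid", SECRET_MARKER.decode()),
    ("example.test", "theme", "dark"),
    ("other.test", "lang", "en"),
]


def deleted_value_survives(secure_delete: bool, vacuum: bool) -> bool:
    """Insert the sample cookies, delete the sensitive one, close the database and
    report whether the deleted value can still be found in the raw file bytes.

    secure_delete: set PRAGMA secure_delete before deleting (SQLite zeroes freed cells).
    vacuum:        run VACUUM after the delete (SQLite rebuilds the file from live rows).
    """
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "cookies.sqlite")
        conn = sqlite3.connect(path)
        # Rollback-journal mode: the -journal file is removed at commit, so the
        # main database file is the only artifact left to inspect afterwards.
        conn.execute("PRAGMA journal_mode = DELETE")
        conn.execute("PRAGMA secure_delete = " + ("ON" if secure_delete else "OFF"))
        conn.execute("CREATE TABLE moz_cookies (host TEXT, name TEXT, value TEXT)")
        conn.executemany("INSERT INTO moz_cookies VALUES (?, ?, ?)", SAMPLE_COOKIES)
        conn.commit()

        conn.execute("DELETE FROM moz_cookies WHERE name = 'sessionid'")
        conn.commit()
        if vacuum:
            # VACUUM must run outside a transaction; the commit above closed it.
            conn.execute("VACUUM")
        conn.close()

        # Forensic-style check: does the deleted value remain anywhere in the file?
        with open(path, "rb") as fh:
            return SECRET_MARKER in fh.read()


def compare_strategies() -> dict:
    """Run the three strategies discussed in the thread; True means the deleted
    cookie value is still recoverable from the database file."""
    return {
        "plain delete": deleted_value_survives(secure_delete=False, vacuum=False),
        "secure_delete=ON": deleted_value_survives(secure_delete=True, vacuum=False),
        "delete + VACUUM": deleted_value_survives(secure_delete=False, vacuum=True),
    }


if __name__ == "__main__":
    for strategy, survives in compare_strategies().items():
        print(f"{strategy:18s} deleted value still in file: {survives}")
```

With a plain delete the freed cell keeps its old bytes inside the page, so the value is still readable by anything that parses the file; secure_delete overwrites that space with zeros at deletion time, and VACUUM rebuilds the file from live rows only. Both checks cover only the database file itself: the rollback journal SQLite writes during the transaction and the file-system blocks freed by a VACUUM truncation are outside SQLite's control, which is exactly the limitation the O'Reilly reference above describes.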

shodan
Making moves

Hello,

I would like to name this feature "cookie shredding".

Here is how it would be implemented:

First, make sure any stored cookies are stored in forward-secret storage (each time the database is encrypted, it uses a new key based on an old key; breaking this key does not compromise past or future versions, see OMEMO encryption and the double ratchet mechanism).

Next, when cookies are decrypted they should be kept in a secure space in RAM, and when cookies get deleted from that space, the space should be overwritten with multiple data shredding patterns.

Regarding file shredding, see DoD 5220.22-M, NIST 800-88 / nwipe / shredos and the earlier project DBAN.

It might make sense to store critical cookies in UEFI or even the TPM chip (although I disabled my TPM chip).

The best place to store secure cookies would be a smartcard or contactless smartcard; this is storage that cannot be dumped without the appropriate authentication.