Sunday, April 8, 2018

Cookie purging the simple way

Getting rid of cookies (especially tracking and ad cookies) consistently is a good thing. However it turns out to be a bit tricky because you don't want to get rid of session cookies for sites you care about. Basically what you want to achieve is this:

  1. Store all cookies as normal
  2. Maintain a whitelist of servers that are allowed to store persistent cookies (usually for sites such as Github, Reddit, Twitter and the like)
  3. At regular intervals (preferably every time the browser is closed), delete all cookies not whitelisted.
There are browser extensions to do this but they are often bizarrely complex and even those that aren't are inconvenient to use as they require installing plugins, clicking through menus and so on. Firefox should have builtin functionality to do this also, but I read through instructions online on how to do it and could not understand how you should set it up to get it to work.

Thus as an experiment I wrote a Python script to do this, it is available in this Github repo. Using it is simple:

  1. Write a whitelist file consisting of one hostname per line. (all subdomains of the specified host are also permitted)
  2. Shut down Firefox.
  3. Run the script.
  4. Start Firefox.

1 comment:

  1. Have you tried the Firefox Cookie AutoDelete addon?

    It just has 7 simple settings and a whitelist feature.

    I use it for the usecase you describe and it works fine. I don't use the whitelist feature much because most sites I care about are open all the time and this is enough to keep those cookies around.

    PS: Btw, this blog is localized to Finnish ('Ei kommentteja', 'Julkaise', ...) which makes it kind of hard to actually comment here.