How to ensure Privacy Settings are honored...or is there a cached web content loophole?
I've noticed that searches retain information about my previous searches after I close the browser; 'Delete cookies and site data when Firefox is closed' setting is selected. My tests seem to point to a security loophole with Cached Web Content.
Question: how can I ensure privacy settings are honored, or, if there is a loophole, how can I get Firefox to also clear Cached Web Content on close?
In my repeated test cases, I used bing to search for '5/8 irrigation kit', then closed the browser and reopened. Cookies and site data show 0 bytes (see attached images), Cached Web Content show something greater than 0.
Next, I go to bing.com/news, scroll through stories, and see an advert for an irrigation kit as one of the sponsored adverts.
As a further test after the original search, I try the following to see if I was being track another way, with the same resulting sponsored advert showing:
- Restarted laptop
- Restarted ONT (to get a new IP) and wifi
The following 2 scenarios seemed to resolve the issue after the original search and seeing the same resulting sponsored advert:
- Turned on VPN
- Cleared Cached Web Content
Clearing Cached Web Content seems to be the solution, and a possible privacy loophole. Cached Web Content is not part of the auto-delete-at-close feature.
Oddly, I haven't been able to consistently replicate the above starting with the VPN on and having it on through the tests. It sometimes shows the same resulting sponsored advert, and sometimes not.
I tried to replicate this with Safari. It's auto-delete feature at close and similar privacy setting seems to work according to what I would expect with the same test scenario; which is, no previous search-informed sponsored advert.
Details:
- Firefox 76.0.1 (64-bit)
- Firefox privacy settings shown in attached images
- MacBook Air 2019
- macOS Catalina Version 10.15.4
- Verizon Fios
Opaite Mbohovái (2)
You can clear other data via "Clear history when Firefox closes".
"Delete cookies and site data when Firefox is closed" should be used to clear cookies if you want to keep cookies with an allow exception because using "Clear history when Firefox closes" to clear cookies removes all cookies.
The second screenshot suggests that you use permanent Private Browsing mode (Always use Private Browsing mode; Never Remember History) and that means that you can't remove data that was stored in a regular session.
Data from a PB mode sessions is kept in memory and thus purged automatically, but you can't affect data stored in a regular (non PB) session.