Firefox 44:"Ask me every time" cookie option removed
Mozilla removed one of the available cookie control options in Firefox 44 effectively disabling the option for users to decide what to do with cookies that sites want to set on a per-cookie basis.
Firefox users had several options in regards to cookies ever since it was released to the public. Users could allow or block all cookies, configure exceptions for sites, block all third-party cookies, or configure the behavior to display a prompt whenever a site requests to set a cookie.
And it is that last option that Mozilla removed from Firefox 44. While it is likely that the majority of users are not affected by the removal of the feature as it was deeply hidden in the options of the browser, those who have made use of it are.
The reason for the removal, according to Mozilla, is that it is a feature that is no longer maintained.
The functionality was unmaintained, bogus and not really nice to use on today's Web. Yes, it would be better if implemented in an add-on, so someone could take care of it properly and interested users in the community could drive its future better.
Firefox installations in which users had had the browser configured to "ask me every time" were switched to accepting cookies after the upgrade to version 44 of the web browser.
Mozilla suggests that users who were using the feature previously install third-party cookie extensions instead, or rely on blocklists such as the Tracking Protection blocklist that Mozilla ships with Firefox's Private Browsing Mode.
We reviewed cookie extensions for the Firefox web browser recently, and users affected by the change may want to check out the available add-ons that improve cookie management in the browser.
An add-on replicating the exact functionality does not seem to be available at this point in time though, and the use of blocklists does not offer the same functionality as fine-grained cookie management which the setting offered.
The feature removal brings Firefox more in line with browsers like Google Chrome or Microsoft Edge which don't offer these kinds of controls as well.
Firefox-based browsers such as Pale Moon support the "ask me every time" cookie option, and there is no indication that it will be removed from browsers supporting it in the near future.
Now You: Are you affected by the change? How do you manage cookies in your browser?
I stikk miss the etension, and if Pale Moon would run as well on my Linux as it does on my friends Wndws I’s changed long ago.
This is all based on the old adage. If you can’t beat ’em, join ’em. Mozilla is selling out. Slowly but surely. There is is a bigger agenda at work. Those of us who relied so heavily on the security features of this browser are going to start feeling betrayed and lose all that trust. I have started using Firefox less and less too. I too relied on the control over cookies and hey, if the feature annoyed someone, then turn it off. Some of us used it constructively and it meant something. Since when has it been said that having more options for security is an annoyance? Anyone who doesn’t want to deal with the option popping up can just turn it off.
Only one other browser has ever given a nicely tailored feature and to be honest, it may have even been better than what Firefox had before v.44. And that would be Opera. I mean the ORIGINAL Opera up to v. 12.xx. Not the current Crapra!. I’m referring to original Opera with the presto rendering engine. The cookie control was phenominal. Yeah Mozilla. BETTER than you!. Thanks for nothing.
Currently, they have some sort of whitelist option (exceptions) under 3rd party cookies. I mean, it’s useful. But when they say they removed a feature with reasons I just read in this article, what exactly would their reasons be for not giving these types of features an option that would allow users to be “prompted” with an option during the browsing process instead of forcing us to open the options tab? How stupid is that? Whoever is in charge of making these programming decisions have to be taking payoffs. I wonder if there are executives who have to rule or give the final say on decisons like this? Is it possible those who are in charge of the programming of Firefox could very well be doing this without the knowledge of the higher ups? You don’t get the resputation as being the most versatile, the fastest,the most secure, and essentially the best browser by making decisions like this. Something has to be wrong here.Anyone with any worthwhile knowledge about the key aspects that make a browser great has to see the direction Mozilla has taken recently could very well ruin them
Now, Vivaldi, is making a very nice browser, and the team involved is the same people from the old version of Opera v.12.xx. I admit Firefox is impressive in alot of ways. But I am already one foot out the door and the other foot firmly planted elsewhere. I am finding new ways to manage my security and also the security of those who use my home network. And Firefox is not looking good when it comes to the browser we will be using on the systems in our home. Mozilla needs to stop breaking what was already fixed or I’ll just start calling them Firefix instead.
This is all based on the old adage. If you can’t beat ’em, join ’em. Mozilla is selling out. Slowly but surely. There is is a bigger agenda at work. Those of us who relied so heavily on the security features of this browser are going to start feeling betrayed and lose all that trust. I have started using Firefox less and less too. I too relied on the control over cookies and hey, if the feature annoyed someone, then turn it off. Some of us used it constructivvely and it meant something. And since when has it been said that having more options for security is an annoyance? Anyone who doesn’t want to deal with the option popping up can just turn it off. Only one other browser has ever given a nicely tailored feature and to be honest, it may have even been better than what Firefox had in v.44. Opera. I mean the ORIGINAL Opera. Not the current Crapra!. Original presto engine Opera. The cookie control was phenominal Yeah Mozilla. BETTER than you!. Thanks for nothing. And now, Vivaldi, although using chromium, is making a very nice browser and the team involved is the same people from the Old Opera. I admit Firefox is impressive in alot of ways. But I am already one foot out the door and the other foot firmly planted elsewhere. I am finding new ways to manage my security and also the security of those who use my home network. And Firefox is not looking good when it comes to the browser we will be using on the systems in our home. Several systems. Mozilla needs to stop breaking what was already fixed or I’ll just start calling them Firefix instead
I wish there was a “Retrofox” that was like an early version of FF.
I’ve found myself using firefox less & less. It just doesn’t work well with the extensions I like to use. Chrome is faster. I’m using it more often even though it doesn’t support the extensions I used in firefox. Pale Moon is an option if you’re looking for an alternative.
Security updates and bugfixes are one thing, but I find the frequent changes to the features and UI of Firefox quite annoying. The developers treat Firefox as their pet project where they can try out all different features and UI tweaks, without regard to the majority of users who use it as a means to an end and don’t have the time or inclination to study the changes and find workarounds for features they remove for no good reason.
It wasn’t that it wasn’t maintained – they were paid to ditch it… under the guise of frequent crashes, and a small user base.
I also agree this is an insane move. I assist friends and family members with computer issues and setup. Just installed Firefox (45) on a friend’s new computer and was going through settings to set “properly”. No more “Ask every time”. Will at least use link above to go back to 43. My own windows system is at FF 22. When Mozilla moved Javascript enabling/disabling to about:config, I stopped updating it. I always run with JS off unless absolutely needed for an absolutely necessary website, (banking, etc.) (Try running your mobile phone with JS enabled and see how hot it gets.) My primary system was linux (10+ years old) until last year and uses FF 0.10.1 – but various websites have made changes so it is near unusable now (and I can’t even upgrade since it requires I install a new Linux rather than upgrade). This is on an old Dell desktop with 512 MB of memory. It worked fine and I can still use if for most everything else. When I bought a business last year, I installed whatever FF was current at the time so have to use about:config. I was able to run Payroll from home until a few months ago and the payroll provider decided my FF 22 was too old. Have to run it at work now. I will figure out something – which will probably mean going to something else besides FF on all my 5+ systems plus friends/family as I have time (not a lot of it.)
Didn’t see it mentioned above, but Safari on an Apple system 10-12+ years ago would allow automatically accepting/denying specific cookies. To use Yahoo email, I need to allow 4 cookies, not the 8-10 they want to set so I use “Ask every time” to allow only those cookies for the session. When I was using Safari, I didn’t have to worry about it.
I specifically chose another email provider 12 years ago (besides Yahoo) because it did not require the use of JS or cookies. Then they changed so cookies were required. OK. Now they require JS unless I link to an “older” version. They said they were going to allow an option for the interface you wanted to use, but then changed it with little notice amid complaints from users they were going to do it. How long do you think the older version will be available? (They got too big and stopped providing above-average support also – well, maybe still above-average compared to Yahoo. For about 4-5 years I could not send attachments with Yahoo mail until it “magically” started working again and their support was useless.)
Bottom line, generally seems providers are not on our side – with tracking pixels, cookies, JS, etc. Except for maybe one time (because I don’t really remember if it really happened), I have never had a virus on my systems and I bought my first PC in 1981 – a “portable” PC the size of a suitcase with 64k memory – still have it. I attribute that to being careful and not allowing JS to run – and this is without having anti-virus software installed.
Sorry for the long rambling, but I have wanted to say a lot of that for a long time. Just wish there was a more visible/popular website for people to comment on issues that providers/developers of all kinds of products would actually read. (Have thought about developing one – no guarantee it would be popular – but it is a huge task and I have a business to run.)
Annoying, really annoying.
This is one reason I still use Firefox. I want create my own white- and blacklist of cookies. There is no reason to remove it.
The people who use this function know the problems and can deal with them. But these who use it are mostly a special group of users. They know what they do and what happen. And mozilla decide to kick this group of users in the ass.
But they forget that this users are mostly multiplicators, which are helping others people with computers. I installed a lot of times firefox on others computers. These times are over. I am searching another browser there is no more reason to use firefox.
I was, as many of you, devastated when I (accidentially, mind you!) found out the option was silently removed. That really is a trust issue, because: what might those guys decide to remove next? We’ll never know …
I became aware of the ambiguity of the FF developer crew when they introduced DRM to the browser, allowing evils like Adobe to have access without me knowing.
Anyhow, if you want to keep FF but still want the old funciontality back, there is one excellent addon that does exactly that: CookieShield https://addons.mozilla.org/de/firefox/addon/cookie-shield
You can set it to disallow any cookie and then allow manually by page/site.
Works very well, I’m using it for quite some time now.
The “ask me every time” function was the main reason I bothered to stick with Firefox. It gave you an easy way to populate your whitelist and blacklist. My clients have hundreds of systems using it, and with a short lesson, they’ve all quickly learned how to use it. Once you spend a few minutes to learn how to check and uncheck the remember function it has kept a lot of bad cookies and the associated crap that comes with it, off their systems.
For those who don’t want to be bothered to keep bad cookies off their system, well, don’t choose that, you had 2 other selections.
What I do know is, unless a comparable function is added, I will probably be moving to a different browser and I definitely will no longer be sending support donations to Mozilla.
I use 2 browsers.
One browser (eg Firefox) where cookies are allowed – call this browser ‘A’.
The other browser (eg Opera, Chrome) where all cookies are blocked – call this browser ‘B’.
Browser ‘A’ is used to visit sites where (at least some) cookies are needed – examples gmail, bank, when making online purchases. Ensure you auto clear cookies at the end of a browswer session. Also manually clear cookies when you are done visiting a site such as your bank account.
Use browser ‘B’ on all other sites and block all cookies – example google.com, news sites, bbc, …
For Facebook users, allow such cookies from places like http://www.facebook.com, therefore you selectively set which cookies to accept OR which cookies to block, in your cookie white and black list.
I have always used the ask-every-time option, and actually switched back to Firefox from Chrome when Chrome removed the same option. For me the difference is that if I default to not accept cookies, I end up on sites that re-enabling it has been cumbersome. Maybe one of the tools makes that easier. Turning off third-party cookies, as I’m sure everyone here knows, isn’t as effective as you might think: when a web site embeds third-party content, they can do it by a direct reference to that site, so that what your browser does is fetch content *directly* from that other site, so it’s not a third-party cookie.
Similar to one of the other posters, there’s a handful of sites that are important enough to get cookies; the others don’t need them, and frequently if they won’t render without them they’re not worth staying there (for me). Yes, it’s easier now. But at the same time, that fine-grained control was the only reason I was still using Firefox when other browsers became easier to use and faster and could actually manage memory.
If this were the first such decision by Firefox, it would be different. But it’s not, and now they’re just like everyone else.
I wonder how the executives at Firefox really came up with the decision to remove the “Ask Me Every Time”? Was it money from advertisers? The pathetic excuse that it’s not useful anymore is just a cop out because it’s very useful. Especially, since practically all the third party cookie managers that worked are gone. They’ve been gone for almost twelve years now and it was because browsers had a built in cookie manager that worked for the benefit of the user.
Using the current add-on’s for Firefox doesn’t do the job properly because all of them let the cookie on the computer and not before. The right way would be to prevent the get on the computer beforehand and keep them out. That’s the reason that you have cookie manager, for security and privacy.
Deal-breaker.
I chose Firefox for that specific feature years and years ago (Version 2?).
I am looking for another browser until the feature is brought back. I hear PaleMoon and will try it. …any other suggestions?
It is absolutely ridiculous to take out something just because some people may not like it.
If you don’t like a feature which even on by default, then JUST DON’T USE IT!
*Fun fact: I discovered the change only after weeks of it being in play and letting through thousands of cookies I would never have allowed.
I just discovered today about the removal of “Ask me every time” option. I have only ever used Firefox, since the beginning. I am furious at this change, and even more so that it was done so surreptitiously. I had delayed updating to 44 probably until a week or two ago (not even sure) and just realized I hadn’t been asked about cookies in a while. I went to check on my “blocked” cookies and there were NONE, but a WHOLE BUNCH of cookies I never authorized. At least voluntarily.
I am on a Mac…does anyone know of any other options for a Mac? The suggestions I’ve seen above don’t appear to have a Mac version. I have downloaded the 43 install file and will go back to that for now.
I am done with firefox. the reason i used the program was the ability to block constant intrusive datamining by every damned site that I visit. no motivation to stay with the company now that it is just as shitty as every other
I am very unhappy with Mozilla for removing this option. If they insist on making firefox exactly like google chrome then I might as well use chrome. Comodo’s Ice Dragon browser hasn’t removed the option.(yet)
Everyone, please also post at this important article at mozillazine –
http://forums.mozillazine.org/viewtopic.php?f=7&t=2987945
For what it’s worth (nothing – that’s what Mozilla thinks of us), please complain here
https://input.mozilla.org/en-US/feedback/firefox/44.0.2/
and see if you can think of anywhere else to complain.
I sent notes to the New York Times’s and Wall Street Journal’s tech reporters, but maybe you all have better tech reporters you could tell. Please tell them
Have the developers at Mozilla lost their minds?!
Take away a very useful feature that I’ve used since Firefox came out and replace it with ‘accept all cookies’. Silently. Without so much as a ‘oh by the way, this release of Firefox no longer respects your privacy and will now accept every shitty cookie any site feels like throwing at you’.
I just checked my cookie jar and it was filled with loads of tracking cookies that I had to manually delete.
Not happy. :(
Martin and others – do you like Pale Moon? Does Pale Moon update frequently for security purposes? It seems to be privately owned – is it really user-privacy oriented? Trustworthy for banking, for example?
Pale Moon incorporates Firefox security fixes that apply to the browser regularly, but usually after they have been revealed by Mozilla.
The browser is like a classic version of Firefox which has advantages, like support for features that Mozilla removed in the meantime.
I don’t use it as my main browser but like the idea behind it, and can see it increase its usage share a lot when Mozilla starts enabling e10s and the removal of features that some users consider essential.
You can download the US English version of Firefox 43.0.4 here:
https://download-installer.cdn.mozilla.net/pub/firefox/releases/43.0.4/win32/en-US/
Choose the first one and save the file. That way you’ll have the complete installer if you ever decide to upgrade to a newer version and want to go back again.
This article describes how to install and older version of Firefox:
http://kb.mozillazine.org/Go_back_to_an_old_version_of_Firefox
You could also give Pale Moon a try which may be better than running an outdated version of Firefox.
How can I get back FF 43? It might still have “ask me every time”.
Well, sad to say it, but this was the last straw for me. I honestly never thought I’d give up Firefox. Fine-grain cookie management was THE killer feature of Firefox, and something absolutely essential for the modern web. The removal is bad enough, but changing everyone’s preferences to “Accept” is, well UNacceptable. You don’t change defaults from more-safe to less-safe things automatically! There’s no excuse for that – many people won’t even notice this since the change is silent. Make no mistake, this is a user-hostile change.
Sorry, Firefox, it’s been a great run, but you’ve been put out to pasture. For many years, you were the best browser out there, but you seem to have a solitary focus on destroying that reputation.
You can use one of the (many) cookie-managing extensions. There have been several mentions of Self-Destructing Cookies, which I personally favor; it requires almost no maintenance, just keeps your cookie jar near-empty all the time.
I agree. Except that I’m still reluctant to leave Firefox–never even considered such a thing before. But I’m shocked at this change being made in the way that you describe.
everyone here – I’m really steamed about this bonehead jerk move by Mozilla. Suddenly there’s no control over cookies. Are they freaking kidding?
But where else can we post to get some attention?
Very bad removing this option, I were heavily dependent upon it.
Check out Comodo IceDragon, uses same libs as FF it look like and has the ability to “Ask me every time” cookie setting right out of the box!
I can’t believe Firefox has taken away the option “ask me every time”.
Mozilla, are you kidding?
This is exactly what made FF better than the others. How can you eliminate this option?
And why no warning?
What do I do now to have the same control?
So, basically, Mozilla removed the option for sites to ask you every time–essentially, “Are we there yet?” (which is annoying enough in a car)
I think, after the first time or two of being asked, my response would be, “***ck you!” (That’s “Block you!” BTW ;) )
Really, all this does is eliminate a pointless manual exercise that’s better handled by the automatic functions still left. Well, now you know why it was not maintained.
Earl, you don’t understand how the function worked. You are (I say “are” because I am still on Fx 43) asked the FIRST time you visit a website. Fx remembers what you tell it and you not asked the second or third or fourth, etc. time that you visit that website. I’ve used this fine tuning since about the beginning of Fx and I never cease to be amazed, when the subject has come up for discussion in web forums, how many Fx users, like yourself, don’t understand the feature but think they do and trash it because they don’t understand how it works.
The reason Mozilla removed the feature was because of a recent proliferation of “rogue” websites that are either just sloppily coded with regards to cookies or are deliberately coded for the purpose of circumventing settings like this in Fx, Sea Monkey, Pale Moon and IE (since IE 6 I think I recall was the first version) so that the site can set its sleazy cookies. Encountering one of these sites is painful because the site ignores the checkbox on the first offered cookie popup where the user can put a check mark to tell Fx (and other browsers except Chrome) to treat ALL cookies as you are telling it to treat the FIRST cookie offered. With a properly coded site, that means that you will see ONLY the ONE cookie and Fx silently handles the others according to your instructions (which you can modify at any time in Fx Cookie Exceptions List).
In badly coded sites, the user’s experience recently has been painful. I have gone to a new site and told Fx, on the first cookie popup, to block all cookies or to make all cookies Session Only. Instead of that one time instruction that Fx carries out henceforth for that website, I have been confronted with as many as 100 cookie popups after the first one! For each one, I would check the box to have Fx handle all cookies as I told it to handle that one. On these “rogue” sites, that instruction is completely ignored and cookie after cookie continue to be offered. I counted up to 100 cookies on one site that the site continued to try and force on me and only gave up on the 100th cookie. That was an extreme as most sites that do this try about 30-50 times to set cookies even though you told Fx to block all cookies there with the first one offered. Your hand feels numb after 40-50 clicks but I have never given up as that ignoring of my wishes regarding cookies really angers me. Of course, I never again visit such sites and I write the webmasters and tell them why.
Mozilla chose to just do away with this setting rather than fix the problem. The other browsers that still have the setting also are unable to follow the users instructions for all cookies when presented with the first one at one of these “rogue” sites. SeaMonkey and Pale Moon have Fx code but IE 10 responds the same on these “rogue” sites and it’s cookie settings code is different from that of Mozilla so maybe there is another factor here contributing to this problem. Still, browser producers should not just turn tail on yet another privacy issue. A major reason I never used Iron (Chrome with privacy), except briefly years ago, was because Chrome had no cookie controls to speak of and still doesn’t. I have looked at extensions to correct what Mozilla removed from Fx in version 44 but there are none. So, Fx 43 may be my last version. I have had Fx since Phoenix days and until recently it was my default browser. So, between this issue and the upcoming gutting of Fx extensions and themes later this year that CTR can’t fix what is the point anymore of Fx?
Pale Moon can run NoScript, UBlock0, UMatrix, etc, and is developed by people who actually use it.
It is everything that made Firefox great, a mature fork with a nice focus on privacy, security, and usability. All those handy little tweaks that FF users loved are here, including the abilty to spoof referers,disable webGl, manage html5, access prefetch and dns prefetch as well as Dns cache and TTL settings, manage closed tab history depth, access the ciphers that are used, set the protocol min/max (TLS), manage mixed-content, cookie mgmt, statusbar settings and much more. All from the options panels, without addons. Add your favorite extensions and it’s an excellent browser. I left FF at version 16 and never looked back. I currently use the 64bit version with about 35 addons, 50-100 tabs open, and my email client open on a crappy comp with 4gb of ram, and have no problems. So go for it!
P.S. There is a Thunderbird fork as well, FossaMail, which is on par with Pale Moon’s excellence.
Think I’m going to quit FF for this bummer.
I want all shields up by default. No That’s why I have been using FF and NoScript for years now and never even thought about using any other. The “remember my decision” option was comfortable enough.
I’ve read about Pale Moon and will try it out next. Does anyone know of another browser that offers anything as powerful as NoScript?
Just had my firefox upgraded, not sure from which version and I noticed I wasn’t getting any set cookie confirmation boxes any more so I checked the options and the ability to “ask me every time” for any site to set cookies, was gone. This was THE number 1 reason for using firefox. If people are too stupid to know how to use it, then they shouldn’t have been using it. They should have kept it. This really pisses me off. I am the kind of person that needs to know which sites are setting what cookies, before they get set.
Time to start looking for a new browser!
Have used it since it was available. Had it set as a default. Went to turn it off temporarily today, to visit one specific site, only to find it had silently been changed to “Accept cookies from sites” without my permission. Am unhappy with that. Am unhappy with the change. It worked fine, supported my privacy decisions and needed no changing.
A crying shame that Firefox has begun wimping out on protecting users’ self-determination regarding the convenient non-3rd party management of cookies and is instead kowtowing to the world’s Internet cookie bakeries.
Used this feature for years. Worked just fine and was not that intrusive.
Very disappointed with Mozilla for dropping this. The excuse stinks and it has significantly diminished my trust in them.
Same here. =(
Permit cookies doesn’t even work. I click remove and when I look, the cookies are still there.
I’ve used the ask me every time feature for years now. It seems a real dumbing down of the UI to remove it. Less flexibility and control should not be the direction of development. I do not know what they mean by unsupported, since it worked just fine. Now I have to replace that control with an add-on.
This is for SDC any comment is welcome though, What site do i white list to keep me logged into YouTube and you might as well add in google’s Gmail too because i keep getting logged out of that and well its really ticking my off, NOW i remember why i stopped using this annoying shit?!?!?
I’m pissed that this feature is gone. I used it religiously, even though I had to turn it manually and explicitly for every new Firefox installation. Whoever said “not really nice to use on today’s Web” is a jackass who’s only interested in supporting the never-ending pusher-controlled invasion of users’ personal space and activities. There is just no reason for a default cookie policy to be “always accept”, except to further end-user tracking. Any web site can be made to function perfectly fine without them, notwithstanding a desire to spy on (or if you prefer – “market to”) end users.
Without an “always ask” option, if you set your default to “block”, you have a huge issue with the next worst “feature” of Mozilla’s cookie (non-)support, which is finding, sorting, or otherwise managing the cookie exception list. God forbid you have a “always block” and then you decide to open up a site. THEN it probably won’t work, if the site has too many subsite (aka “misdirection”) cookies, it’s nearly impossible to delete all the exceptions to make it work. In those cases I just decide to browse elsewhere.
I’ll be looking for another browser or writing my own soon, or simply abandoning any meaningful use of the internet. Sigh.
By taking away the ‘Ask me…’ option, Firefox is purposely allowing third parties to invade your space. Perhaps Firefox was lured by corporations and governments to implement this change. In any case, this is another move towards a breakdown of choice and privacy. Sad sad and again sad.
I am angry. How dare they decide for me that I must now either reject all cookies or accept all cookies on a per-site basis. I used “ask me every time” on a daily basis to accept useful cookies (such as session ID) and reject unwanted cookies (such as trackers) within the same site. I’m glad I noticed the change in behavior right away and was able to use a restore point to get back to 43.0.4. I don’t believe the excuse in the official notice. I’m sure that this is all part of the continued drift toward preventing people from being able to fight back against invasive data collection.
No one cares.
I am working now for quit some time with the Mozilla Firefox add-on (from ov) Self-destructing cookies and its quit astounding how many cookies every time (even during a session when I close tabs) are destroyed, who where trying to track me across the web.
https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies/
About this Add-on
Self-Destructing Cookies is not just a cookie manager, it’s a new cookie policy. Do you think that cookies should need a reason to persist in your cookie jar, i.e. you currently interacting with the site that set them? Would you prefer your cookie jar to be empty in its steady state, except for a few sites that you care about? Are you worried about unconventional tracking methods? Then give this add-on a try.
Self-Destructing Cookies automatically removes cookies when they are no longer used by open browser tabs. With the cookies, lingering sessions, as well as information used to spy on you, will be expunged. Websites will only be permitted to identify you while you actually use them and can not stalk you across the entire web. This is the closest you will get to cookieless browsing without breaking every second site or tedious micromanaging.
Tracking cookies will be detected and removed immediately. They are identified purely by their behaviour – no need for a blacklist that needs to be kept up to-date. Self-Destructing Cookies also has LocalStorage support and will treat it just like your cookie jar. Defend yourself against ETag tracking and other cache-based black-hat techniques by configuring Self-Destructing Cookies to automatically clean your cache every time you are not actively using the browser. For the first time ever, this provides a realistic chance of beating zombie-/evercookies without sacrificing usability. See the zombie-cookie FAQ entry for details. Self-Destructing Cookies can also help protect against CSRF attacks by ending your sessions as soon as possible.
This add-on complements blacklist-based solutions such as Adblock and Ghostery very well. You can whitelist sites whose cookies and LocalStorage you would like to keep without an active tab in the Firefox cookie exception list, which can also be conveniently accessed from the add-on’s preferences, or an icon in the Add-on Bar.
Frequently Asked Questions and Common Problems
Q: What about Zombie-/Evercookies?
A: SDC gives you a fighting chance against such black-hat techniques. To beat the Evercookie, enable automatic cache cleaning in SDC’s preferences. If you are on a decent, unmetered connection, there is no harm in setting the idle timeout to a low value, such as 3 minutes. You should also set all of your plugins to click-to-play, install BetterPrivacy and configure it to automatically clean unused LSOs. Please note that SDC will not clean LocalStorage scopes of sites served via HTTPS if you are running a Firefox version prior to 23. This is due to a limitation in Firefox’s DOM storage API in those versions.
Q: Can I disable the notification pop-ups?
A: Yes. Open the add-on manager. You can reach it via Firefox’s menu, or by just entering “about:addons” without the quotes in your location bar. Locate Self-Destructing Cookies in your list of extensions, click the Preferences button and remove the checkmark next to “Notifications”.
Q: Since I installed the add-on, the removal notifications just won’t stop. I’m not even using the browser at the moment.
A: You are probably using another add-on that re-adds certain cookies when they are removed, e.g. Beef Taco or TrackerBlock which both try to persist opt-out cookies. SDC and the other add-on are having an infinite debate about whether to keep those cookies. Choose a side and disable the other one.
Q: The entire whitelist is empty each time I restart Firefox.
A: You probably have Firefox’s privacy preferences set to “Clear History when Firefox closes” and included “Site Preferences” in the corresponding menu. SDC’s whitelist is stored as site preferences.
Q: A specific site forgets my login, even though it is on my whitelist.
If you added the entries manually, make sure you whitelisted the base domains of your sites (e.g. “example.com”, not “www.example.com”). That’s where cookies are generally stored.
If you added it via the icon, the login might depend on external domains. Keep an eye on the removal notifications the next time you log *in* there. The domains that appear in the following seconds are probably the ones you want on your whitelist as well.
Q: The add-on does not work in private browsing mode.
A: Some parts of Firefox are off-limits for add-ons while you are in private browsing mode. This includes the cookie jar for example. There’s nothing I can do about this, sorry.
Q: I have configured Firefox to block all cookies by default. Can I still use SDC?
A: There is an unsupported hidden setting that changes the behaviour of the “yellow” whitelist level from allow-for-session to allow-while-open. To enable it, create a boolean key in your about:config named “extensions.jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.defaultBlock” (without the quotes), set it to true and restart your browser. You can now use the “yellow” setting for sites whose cookies you would like to accept, but still have them self-destruct. I provide this on a “should work” basis, meaning that I depend on bug reports from you and don’t do in-depth testing of this mode myself.
I think this completely misses the point. The idea behind the ask every time was to PREVENT spurious data mines from getting set in the first place!! It is HUGELY frustrating now to go to privacy and cookies to clear out a whack of cookies that SHOULD NEVER HAVE BEEN SET in the first place. What good is kicking the fox out of the henhouse after he has killed all your chickens!!! The idea is to keep the data mines OUT of your computer!!! Once they are set and mined your data it is too little too late to delete them!!! They want you to keep the latest version of the browser for “security” reasons while opening the door to anyone who wants to mine your data?? Excuse me!?!?!? To hell with Google and every data miner out there!!!! They have NO business in my computer PERIOD!!! We always criticized Microsoft for it’s invasion of privacy yet they have included this feature in their browser!! Google has been fined huge dollars for undermining European privacy laws! Mandatory cookies should be banned!!! Cookies can not and do not offer any security or protection on-line!!! Their main purpose is data mining, tracking. For the user, mandatory cookies serve no useful purpose! Between data mines and ads forced down your throat the internet has gotten rather ugly! Sites won’t work if you don’t allow them to mine you for data or allow them to dispplay ads. NO!!!!!
Pat – you are 100% correct. It was asinine for FF to remove this important, basic protection. I made a small contribution to Mozilla just before this happened, and I will never, ever do that again.
Chrome has a per-site native way of managing (accepting/rejecting) cookies that is existing (contrary to what you say Martin) and VERY convenient.
Look at the most right side of the address bar, left to the star for bookmarks.
There is a cookie icon that will be available to manage per site after you set “block all cookies and tier…” in Chrome settings.
Just right-click on this icon to have a per-site management of cookies (exception to the global rule of blocking all).
Very handy feature in Chrome.
(would have been much more easy with a screen shot). Here is a link: https://maketecheasier-holisticmedia.netdna-ssl.com/assets/uploads/2015/02/disable-third-party-cookies-block-icon.png
beware of some sites that use aggressive marketing strategies practices. Example is:
“We use cookies to personalise… ads, bla bla. We also share information bla bla”
Old trick used to be to add it back in the about:config, but it looks like it’s been fully stripped out. Which is sad, as some people liked having better control over their cookies. I haven’t used it in a long time because of me getting distracted by things, it comes up as an annoyance than anything else lol
>>”… not really nice to use on today’s Web.”
What does that mean? It’s rude to delete cookies? I’m supposed to be nice to servers?
Smacks of the “You have an obligation to not block ads” line.
Sites these days use a lot of cookies, thus, by “not really nice”, they’re referring to the excessive amount of prompts you would receive.
Anyone notice that the screenshot is of Palemoon and not Firefox? The article is clearly about Firefox 44.
the check-box just above the Location bar section states
“clear history when Palemoon closes”
plus 44.0 has in tab preference not the windowed any more. but really the screenshot should be of firefox since its about firefox and not another product.
@Troy, the CIA needs people like you, perspicacious, aware :)
Joke aside, nice catch indeed. I hadn’t spotted Pale Moon, when I should have. I’m loosing my reflexes!
Martin is showing what the setting looked like. Firefox hasn’t used a window like that for over 10 versions now.
Just a bit easier for him to grab that, where it would nice and clear, than to go back, install a Firefox version that has that option, grab a screenshot, scale it down and make it look good while fitting the page format.
Actually, you could tweak an about:config preference so that preferences were windowed. I think it was browser.preferences.inContent. It’s gone in the latest versions though.
That was my exact reasoning ;)
Wait till you find all the little hidden batman logos Martin has hidden in his images .. then you really freak out
No it is little naked me all the time.. Scary..
Good catch ;)
wasn’t trying to be rude, It was a great article just was thrown by the screenshot. Thanks
No worries ;)
Mozilla Manifesto, principle 4:
“Individuals’ security and privacy on the Internet are fundamental and must not be treated as optional.”
So much for that.
PS: Will cookie-management-addons even continue to work after Project Chromefox has been completed successfully?
You seem to misunderstand what WebExtensions are about.
https://wiki.mozilla.org/WebExtensions/FAQ
The goal is to share a common extension framework with Chrome without preventing Firefox from having exclusive extension functionality. This will allow for extensions to be shared across browsers more easily without exactly forcing them to be the same in all browsers.
Mozilla should just stop to try to take away Chrome’s market share with trying to be as minimalist like they are. That is STILL the wrong way and will only gain Mozilla even more loss of market share.
Considering feature removal of power user features and removing complex unique add-ons from power users a good thing is NO good thing.
Firefox is NOT Chrome. And it shall not become Chrome.
I understand your concern but I’m optimistic about this change when thinking of the long term. They would have to do this for Servo anyway.
Which means Mozilla will give up their superior own add-on landscape and implement more limited ones with the addition of few special API.
Really brilliant move, which will restrict UI customization possiblities even more. Thanks god that i am no longer forced to use Mozillla products.
I use Advanced Cookie Manager. Works great.
Cookies are massively over-rated IMO. Except for sites I log into (about 20), and a couple of sites I want to remember a particular setting (such as ArsTechnica’s dark theme, where I have no account), I have yet to find a site that won’t display and function without cookies. Cookies for just browsing the web (as opposed to social interaction eg FB) are not needed. 99.99999999% of all cookies are a waste of end-users space, time, energy, and privacy (and as for “this site uses cookies” warning – damn the EU for being dicks).
As such, I block all cookies and whitelist the handful above – I use Cookie Controller – so I can simply set a cookie with more options – accept, 1st party only, session only, block (default). All off a little button on my status bar. “Ask every time” is a waste of space – block all and if you must have a cookie, set it on that site’s first visit. Or if you don’t care about cookies, allow them, and wipe em all out on close etc.
Firefox’s dumbing down and reduction of options is becoming more prolific. I’m pretty sure by the end of the year there will be no options left and about config will be empty.
Pale Moon has now abandoned the Ask Me Every Time option.
Now where do I go?
Indeed, where. I really didn’t want another sideline project, to either replace my browser or add a firewall between it and the grab-tastic spying big data hounds.
Not only has PaleMoon removed the option, it particularly and conveniently disregards my long-time standing policy of BLOCK for *.palemoon.org. As soon as I launched it, there was a palemoon.org cookie.
The internet has become quite evil.
Even easier here with the ‘Self-Destructing Cookies’ Firefox add-on : let sites (except 3-rd party even if the add-on would handle them as well) set whatever cookie they want, they’ll be removed by ‘Self-Destructing Cookies’ once the site is closed unless I’ve set an exception rule explicitly allowing, allowing for session, or blocking (blocking doesn’t make much sense with ‘Self-Destructing Cookies’ but I appreciate it nevertheless with certain “portal” sites, those which include many urls such as but not only certain search engines…). Et voila.
I agree that 100%- of cookies do not aim the user’s comfort but the site’s stats together with the quasi systematical World Web unofficial tracking policy, cookies being only a tool among a plethora of others.
About the “Ask me every time” cookie option, I never used it.
i admit at first it is very annoying, until you realise the amount of crap that you are loading down your computer with, and after a while it was just routine, and interesting to note what cookies came from where and how many were gobblygook, and obviously of no use to YOU. i don’t know about you, but i want total control, not someone else having any control at all. it was a really vital part of security – to see who wants to nose about.
anyone know of a replacement or an about:config setting?
I absolutely agree. I feel it is a betrayal of Mozilla users – to have eliminated the “Ask Every Time” option. Mozilla is a non-profit. Why are they making this change? Are they profiting from the browsing data they take and allow others to take without our express permission?
Shame on you Mozilla. Please return this excellent feature to your initial users, who have since become your former users.
You “don’t think anyone did”…? Oh, you have NO idea how angry that statement made me. I used that setting quite liberally in order to protect my privacy, and now I cannot. I even sent a message to Mozilla asking them to reconsider as soon as it was permanently disabled.
you mean “porn sites” jajajaja..i kid i kid i kid
I used to use the “Ask me every time” mode, before I discovered SDC.
It wasn’t so bad if you used the ‘Remember my decision’ checkbox to populate your permanent whitelist/blacklist.
“About the “Ask me every time” cookie option, I never used it.”
I don’t think anyone did. It would just get f***king annoying.