Firefox privacy settings
I've been trying to configure my laptop to suit my needs, which differs from those on desktop. Basically, I trust both devices due to full-disk encryption, but it's possible to steal my laptop while powered on and unlocked. Hence my laptop approach is strict while adding a few exceptions that rely on successful authentication without remembering passwords.
I find it quite hard to manage exceptions. I've spend a couple of hours reading through this forum as well as numerous FAQs and guides, yet it appears there are a lot of conflicting options that override certain settings. The entire process is pretty counterintuitive and could use an overhaul from a UX perspective, where a simplification of the process might also result in the resources becoming more useful.
Anyway, one of my issues is that it appears I can't use asterisk * when defining URL exceptions for cookie settings. Second, unless explicitly defined, the protocol defaults to http and not https. I guess I should ask what happens before complaining too much. Example time:
1: I add the URL 'example.com' 2: Firefox converts it to 'http://example.com' 3: I add the URL 'https://example.com'
How will each of these exceptions work for the following: https://www.example.com https://this.example.com
And how can I mitigate this without a regex or similar, short of manually adding an extensive list of possible variations in between https:// and .example.com? To clarify, I'll need an exception for something like https://*.example.com
Finally, how is this affected by individual settings in the sections Enhanced Tracking Protection, Cookies and Site Data, and History? Any pitfalls I should be aware of?
Chosen solution
In the Manage Exceptions dialog, if I enter example.com and click Allow, Firefox adds both:
I'm not sure why your Firefox only adds one of them.
It is my understanding that except in certain situations of strict host name enforcement, you only need the base domain and not every host name the server uses. As an example, I created an Allow exception for https://live.com and Firefox retained persistent cookies for outlook.live.com even with "Delete cookies and site data when Firefox is closed" selected.
Note that in the History section, if you use "Clear history when Firefox closes" you need to uncheck the boxes for
- Cookies
- Site Settings -- includes your exceptions, site permissions, zoom levels, etc.
- Offline website data
because this feature does not honor exceptions and will completely flush those categories of data.
Read this answer in context 👍 0All Replies (3)
Chosen Solution
In the Manage Exceptions dialog, if I enter example.com and click Allow, Firefox adds both:
I'm not sure why your Firefox only adds one of them.
It is my understanding that except in certain situations of strict host name enforcement, you only need the base domain and not every host name the server uses. As an example, I created an Allow exception for https://live.com and Firefox retained persistent cookies for outlook.live.com even with "Delete cookies and site data when Firefox is closed" selected.
Note that in the History section, if you use "Clear history when Firefox closes" you need to uncheck the boxes for
- Cookies
- Site Settings -- includes your exceptions, site permissions, zoom levels, etc.
- Offline website data
because this feature does not honor exceptions and will completely flush those categories of data.
Seems like I worried for no reason. Quick suggestion, at least mention that wildcards are included, that would prevent some frustration I think. Or add them automatically, unless you worry that regular users would be confused. It could be mentioned in the documentation as well.
Regarding checkboxes that void or ignore exceptions, the process still feels unnecessarily complicated. It's probably because new features have been added over multiple iterations, tacked onto the about:preferences instead of merging with existing features. I'll suggest a service update that looks into the architectural approach to how settings are applied, making it more intuitive. I know it's hard to assess as a dev, you know how stuff works, the intricate details and all, and that makes it difficult to put yourselves in the shoes of regular users.
Either way, I got what I came for. Thank you very much, I really appreciate it. Keep up the good work.
There is work under way to consolidate the two settings --
- "Delete cookies and site data when Firefox is closed" [cookie lifetime preference]
- "Clear history when Firefox closes" [shutdown sanitizer]
-- but since they currently work very differently, it is taking some time.