Cookies exceptions whitelisting not working

[BenFenner]

Private Browsing + Cookies would be the ideal setup for me.

Same here, which is why I've emulated it in Pale Moon for the past 10-15 years.

Privacy Menu Settings:



about:config settings (image, see text version below for actual minimum viable):



about:config settings (text):

browser.urlbar.autoFill;false
browser.urlbar.autoFill.typed;false
browser.urlbar.suggest.bookmark;false
browser.urlbar.suggest.history;false
browser.urlbar.suggest.openpage;false

Enjoy!

[BenFenner]

There seems to be no browser or no extension on the planet to refuse the cookies using a whitelist

It can be done with Pale Moon and the ηMatrix/uMatric/eMatrix extension. It may take a little getting used to, and there are probably better solutions, but it can be done.

[Goodydino]

If you refuse cookies, you are using a blacklist, not a whitelist, no? I default to blocking cookies and make exceptions to allow those that I need. That would be a whitelist.

[BenFenner]

Yep. eMatrix can be configured to block all cookies, and then only allow in the few you specifically choose.

[sunchild]

browser.urlbar.autoFill;false
browser.urlbar.autoFill.typed;false
browser.urlbar.suggest.bookmark;false
browser.urlbar.suggest.history;false
browser.urlbar.suggest.openpage;false

Thanks! This is what I've been looking for. Is there something to disable the prompt asking to remember password ?
I use pentadactyl, so I had to sanitize things up on shutdown with this:

Code: Select all

set sanitizeshutdown=cache,commandline,downloads,formdata,history,marks,offlineapps,passwords,registers,sessions

It's not possible. they are literally, by definition, in contradiction.

I agree. I do not wish to argue semantics. All I'm saying is it would be nice if you could start with Private Browsing (aka blacklist all persistence) and enable check boxes to whitelist only the things that you want to persist. But I assume there's more to Private Browsing than just persistence as Ben pointed out. It would be cool to have those greyed out options instead of twiddling with about:config.

[Moonchild]

start with Private Browsing (aka blacklist all persistence) and enable check boxes to whitelist only the things that you want to persist. But I assume there's more to Private Browsing than just persistence as Ben pointed out.

I guess it's still not entirely clear to you what private browsing is. Once again it is for local privacy. The moment you allow anything to persist, it's no longer private, and loses its power as both a privacy measure and measure to strictly separate what you do in a private window from everything else. Internally, private browsing is a "one-way sandbox" of sorts. Web content data (of all types) is stored in (volatile) memory, separate from what is normally used. It can read from persistent storage but only write to the memory storage, to allow the entire sandbox environment to be thrown out on window-close, leaving no trace of the window's activities in your profile.

[BenFenner]

Is there something to disable the prompt asking to remember password ?

Sorry, I forgot to include that part of my config. (Boy I wish I could edit that post I made just days ago!)
Here you go.
You're specifically interested in the 3 check-boxes in the Passwords submenu.

[sunchild]

You're specifically interested in the 3 check-boxes in the Passwords submenu.

Thanks again!

Internally, private browsing is a "one-way sandbox" of sorts. Web content data (of all types) is stored in (volatile) memory, separate from what is normally used. It can read from persistent storage but only write to the memory storage, to allow the entire sandbox environment to be thrown out on window-close, leaving no trace of the window's activities in your profile.

I did not know that the whole process was being "sandboxed" so to speak. I thought private browsing would just clean up everything on the disk when the browser is shutdown. That explains why the sanitizeshutdown setting only executed when I use Ctrl+q and not when I use my window manager's binding. Well, learnt something new today.

Is it possible at all to emulate private browsing mode without the sandboxing ? I really like the clean private browsing experience and have some cookies at the same time. I don't know if its just me (and maybe Ben), I would appreciate a setting to emulate this experience without messing with the about:config. Something I can just set & forget and have some peace of mind.

[BenFenner]

I would appreciate a setting to emulate this experience without messing with the about:config.

Technically I think these settings in about:config are also UI elements:

Code: Select all

browser.urlbar.suggest.bookmark;false
browser.urlbar.suggest.history;false
browser.urlbar.suggest.openpage;false 

I believe they are covered by the Preferences → Privacy → General → Location Bar settings:


So that leaves just 2 "autoFill" entries in about:config that I set and it is possible those are not required. I do like those settings turned off, but it might not be entirely necessary to emulate (approximate?) the private browsing experience? You should do your own testing.

Code: Select all

browser.urlbar.autoFill;false
browser.urlbar.autoFill.typed;false

Unfortunately (or fortunately depending on how you look at it) you sound like the kind of power user that should get used to and comfortable with the about:config menu. For practical reasons, it makes sense there are common settings with a polished UI, and then a huge swath of uncommon settings thankfully and blissfully provided to the user (through a UI with fewer frills/dev resources).

[sunchild]

I believe they are covered by the Preferences → Privacy → General → Location Bar settings:

That is much better.

Code: Select all

browser.urlbar.autoFill;false
browser.urlbar.autoFill.typed;false

This is not a problem with the pentadactyl statusbar. So I guess everything can be achieved from the settings menu.

Unfortunately (or fortunately depending on how you look at it) you sound like the kind of power user that should get used to and comfortable with the about:config menu. For practical reasons, it makes sense there are common settings with a polished UI, and then a huge swath of uncommon settings thankfully and blissfully provided to the user (through a UI with fewer frills/dev resources).

I don't mind using the about:config. Its just that I have more peace of mind knowing that I haven't missed out any setting. Maybe I should just give it some time to get accustomed to it. Private browsing has spoiled me.