Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> Missing: a way to disallow any non-whitelisted hosts from a tab. E.g. having a gmail tab is useless, because every link you click will open in that profile (and you won't notice because hey, it works) and now your gmail credentials and cookies are available there. Again defeats the purpose. Especially for a "Banking" tab, for example.

You can mitigate some of this with Cookie AutoDelete which has support for contextual identities. After you close a tab it'll nuke cookies for any non-whitelisted domain for that context.



I think parent comment wanted something more like First-Party Isolation (privacy.firstparty.isolate and privacy.firstparty.isolate.restrict_opener_access in about:config, use with caution - it will break things, including breaking Cookie Auto-Delete extension)

https://www.reddit.com/r/firefox/comments/6y7lpw/what_is_fir... (sorry, don't know any mozilla.org link for FPI that has any good description what it does and how it works)


But at that point the third party website might have already accessed those cookies.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: