InformAction Forums

The Self-Destructing Cookies extension can delete cookies when the tab using them is closed.
I'd like to see a similar feature in NoScript: Automatically expire those temporary permissions that aren't used by any open tabs, maybe after a configurable grace period ...

In some ways, that's a nice idea. I'm sure a lot of people would like to use it.

However, from a security standpoint, it is not really all that helpful. Either a site is going to attack you immediately, and revoking later won't help, or it's safe, and revoking isn't needed.

From a privacy perspective, it makes sense to destroy things immediately after you're finished using them. But from a security perspective, it doesn't. All it will achieve is a false sense of security.

And Self-Destructing Cookies works by polling the cookie jar constantly, checking whether there are open tabs associated with cookies. NoScript would have to do this for your whole whitelist, imposing a performance hit (especially for big whitelists), without really giving you any more security.

So I like this idea, but if it came to a vote, I would vote against it.

Thrawn wrote:In some ways, that's a nice idea. I'm sure a lot of people would like to use it.

However, from a security standpoint, it is not really all that helpful. Either a site is going to attack you immediately, and revoking later won't help, or it's safe, and revoking isn't needed.

From a privacy perspective, it makes sense to destroy things immediately after you're finished using them. But from a security perspective, it doesn't. All it will achieve is a false sense of security.

And Self-Destructing Cookies works by polling the cookie jar constantly, checking whether there are open tabs associated with cookies. NoScript would have to do this for your whole whitelist, imposing a performance hit (especially for big whitelists), without really giving you any more security.

So I like this idea, but if it came to a vote, I would vote against it.

Yes, I was thinking mainly from the privacy and less from the security perspective - and cannot remember my temporary whitelist having more than a dozen entries ...

You know, I've reconsidered; I actually think that this would be helpful when investigating which scripts are needed vs junk. But there might still be problems regarding a false sense of security. And it would likely be a good-sized chunk of work for Giorgio, who is already very busy.

Thrawn wrote:I actually think that this would be helpful when investigating which scripts are needed vs junk.

How so?

Thrawn wrote:But there might still be problems regarding a false sense of security.

What problems? I don't see how this feature would give me a false sense of security. You allow a site once, that's generally all the chance it needs to do malicious things to you if it's going to, and revoking the permission later won't make any difference.
More like, if the configurable grace period is implemented, this feature would be a convenience for long browser sessions when I may forget what all I've Temp-Allowed and I didn't think to check the Revoke Temporary Permissions tooltip. If temporary permissions for objects are revoked as part of this, it could also help mitigate the need for this RFE. So to me, it would have a good use that is neither security nor privacy related.

+1 from me if it has that configurable grace period (otherwise I wouldn't use this feature at all), but this feature is not super important IMO.

barbaz wrote:

Thrawn wrote:I actually think that this would be helpful when investigating which scripts are needed vs junk.

How so?

No need to revoke temporary permissions - possibly wiping out temporary permissions on other sites - once you're done.

Besides the convenience, there is also the fact that the sooner you wipe temporary permissions, the sooner you shrink your attack surface for trusted sites to be compromised. NS is pretty effective at stopping such attacks anyway, but the fact remains.

Thrawn wrote:But there might still be problems regarding a false sense of security.

What problems? I don't see how this feature would give me a false sense of security. You allow a site once, that's generally all the chance it needs to do malicious things to you if it's going to, and revoking the permission later won't make any difference.

Yes, you understand that, and so it's not a problem for you - but what about Joe User?

More like, if the configurable grace period is implemented, this feature would be a convenience for long browser sessions when I may forget what all I've Temp-Allowed and I didn't think to check the Revoke Temporary Permissions tooltip.

It might also have some application for people who want to allow things per-tab; it won't quite do that, but it would come close if you visit sites sequentially.

+1 from me if it has that configurable grace period (otherwise I wouldn't use this feature at all), but this feature is not super important IMO.

No, it certainly isn't.

Thrawn wrote:Besides the convenience, there is also the fact that the sooner you wipe temporary permissions, the sooner you shrink your attack surface for trusted sites to be compromised. NS is pretty effective at stopping such attacks anyway, but the fact remains.

Interesting, I didn't think of it that way. That would be nice.
Still not hugely important though.

Thrawn wrote:

Thrawn wrote:But there might still be problems regarding a false sense of security.

What problems? I don't see how this feature would give me a false sense of security. You allow a site once, that's generally all the chance it needs to do malicious things to you if it's going to, and revoking the permission later won't make any difference.

Yes, you understand that, and so it's not a problem for you - but what about Joe User?

Well, I can't speak for Joe User generally, but one of the least techie people I know seems inclined to think that on the Internet, allowing something even once is REALLY scary because it just might attack right then and there...

There are initialization for toolbarbutton (CB), abolishing the temporary permissions when changing or closing active tab.
The switch is only separately: CB_Disable_Initialization or Disable/Enable Button.

User Riar has suggested that marking any sites that had auto-revoked temporary permissions would help eliminate some of the potential for false sense of security, in that users could know what was automatically revoked and they wouldn't be fooled by Unicode-lookalike domains, by being accustomed to Temporarily Allowing the same site(s) a lot. I think that is a good idea and should apply to this RFE if it is implemented.
That discussion (which is about auto-revoking temporary permissions after user-configured time period) is at viewtopic.php?f=8&t=21615