Firefox and IndexedDB from a Privacy perspective

The Firefox web browser like any other modern web browsers uses IndexedDB to store persistent data that is associated with the browsing profile.

A report on German computer magazine Heise suggests that Firefox’s handling of the storage may impact user privacy on the Internet.

Websites may store IndexedDB data when a user connects to the site (and allows JavaScript execution).  The process itself happens in the background; there is no user interaction or prompt.

While Firefox users have several tools at their disposal to manage the data, it has two deficiencies when it comes to the handling of IndexedDB data.

First, that the clearing of browsing data does not touch the data, and second, that Firefox users have little control when it comes to allowing or denying sites the right to save data in the first place.

Firefox and IndexedDB

firefox offline storage

Firefox users have two main options currently when it comes to IndexedDB data. They may use Page Info to clear the storage, or the Firefox Developer Tools.

A right-click on any web page and the selection of Page Info opens the configuration window. It highlights if the domain has saved data to the local system, and how much.

The clear storage button works, but it will only clear the data for that particular site. The options to set the process to “always ask” or “block” don’t work properly however, and are reset automatically when Firefox is restarted.

The about:preferences#privacy setting “Tell you when a website asks to store data for offline use” does not work either” when it comes to this type of storage.

Page Info’s permissions page has little use when it comes to managing local data, as it lists data only for the active domain.

The Firefox Developer Tools improve this slightly; the data that is stored in the database is listed by the browser’s Developer Tools, but again only for the selected domain.

firefox developer tools indexeddb

Press F12 to open the Developer Tools, and select Storage when the interface opens. If you don’t see storage, click on settings and enable storage there first. You can delete entries individually there, or all at once.

The best option right now to find out which sites use the offline storage is the following one:

  1. Type about:support in the Firefox address bar.
  2. Click on the “open folder” link to open the Firefox profile folder on the local system.
  3. Go to storagedefault

firefox storage default

You can delete some or all of the folders there to clear the storage.

Firefox has an option to disable IndexedDB completely. Doing so may cause incompatibility issues with some websites.

  1. Load about:config?filter=dom.indexedDB.enabled in the browser’s address bar.
  2. Double-click on the name dom.indexedDB.enabled to toggle its value.

A value of true means that IndexedDB is enabled, a value of false that it is turned off.

Heise notes that the issue was first reported eight years ago to Mozilla.

Firefox 57 will improve the manageability of site data. It features a new Site Data entry under about:preferences#privacy which you may use to clear all data, and to manage data from sites that used the feature in the past.

firefox site data

This improves the management of persistent storage in Firefox, but it does not address the issue that site data is not deleted when the Firefox browsing history is deleted, nor that the permission system seems broken when it comes to persistent data.

Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader.

The post Firefox and IndexedDB from a Privacy perspective appeared first on gHacks Technology News.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.