This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Want a way to block/remove evercookies.

  • 4 replies
  • 4 have this problem
  • 6 views
  • Last reply by home user

more options

Before Firefox 57, I had "BetterPrivacy" in hopes it would remove evercookies. That add-on is gone. I would like a way of blocking evercookies (zombie cookies), and removing what's already on my system. How can I do this within Firefox 57? If that's not possible, is there a good add-on for this? If not, how do I make the suggestion, either to the Firefox programmer community, or to the community of people who do add-ons?

Thank-you.

Before Firefox 57, I had "BetterPrivacy" in hopes it would remove evercookies. That add-on is gone. I would like a way of blocking evercookies (zombie cookies), and removing what's already on my system. How can I do this within Firefox 57? If that's not possible, is there a good add-on for this? If not, how do I make the suggestion, either to the Firefox programmer community, or to the community of people who do add-ons? Thank-you.

All Replies (4)

more options

Evercookies used to refer to cookies (LSO; locally stored objects) created by the Flash plugin. If you keep this plugin disabled ("Never Activate" or "Ask to Activate") then you shouldn't have them.

There are more types of storage in current browsers that website can use toy store data locally, so there is less need to use a lot of cookies that need to be send with every request.

more options

Thank-you.

Based on the Wikipedia evercookie article ("https://en.wikipedia.org/wiki/Evercookie"), my sense is that "evercookie" means something broader than what I understand you to be saying. An evercookie can be stored as an LSO object as you say, but also in at least 12 other places. An extract of the article is here between the lines of dashes:


An Evercookie is not merely difficult to delete. It actively "resists" deletion by copying itself in different forms on the user's machine and resurrecting itself if it notices that some of the copies are missing or expired. Specifically, when creating a new cookie, Evercookie uses the following storage mechanisms when available:

   Standard HTTP cookies
   local shared objects (Flash cookies)
   Silverlight Isolated Storage
   Storing cookies in RGB values of auto-generated, force-cached PNGs using HTML5 Canvas tag to read pixels (cookies) back out
   Storing cookies in Web history
   Storing cookies in HTTP ETags
   Storing cookies in Web cache
   window.name caching
   Internet Explorer userData storage
   HTML5 Session Web storage
   HTML5 Local Web storage
   HTML5 Global Storage
   HTML5 Web SQL Database via SQLite

The developer is looking to add the following features:

   Caching in HTTP Authentication
   Using Java to produce a unique key based on NIC information.

So if any copy of an evercookie is deleted, it can be re-created. Thus blocking LSOs is not adequate. How can I get rid of *all* copies of evercookies associated with a tab when I close that tab, or all copies of all evercookies when I close Firefox?

more options

Note that IndexedDB is missing from the list and SQL Database never really made it. The Storage Inspector in mentioned above can reveal HTML5 stoage methods and regular cookies. Flash you can control by allowing or blocking Flash. Silverlight is no longer supported (only Flash is supported). Storing data obscure places like ETAGS and links (GET DATA) can be limited by clearing the cache regularly or using Private Browsing mode (be aware that Tracking Protection can lbock wanted content).

See also:

more options

Thank-you, cor-el.

I consider this closed.