this post was submitted on 09 Oct 2023
39 points (91.5% liked)

Privacy

31814 readers
247 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I am using Mozilla Firefox as my web browser. I have configured it to clear cookies, active logins, form & search history, and offline website data when I close Firefox. Should I also configure it to clear the cache? What are the privacy implications if I don't clear the cache?

EDIT: additional information:

  • My goal is to reduce fingerprinting and tracking by websites.
  • I use Mozilla Firefox on my personal laptop that almost never leaves my residence. The laptop has full disk encryption. I am the only user of the laptop.
  • I don’t erase my web browser history. I want to keep browser history for my future reference.
all 19 comments
sorted by: hot top controversial new old
[–] jet@hackertalks.com 13 points 1 year ago* (last edited 1 year ago) (3 children)

If you don't clear the cache, somebody could forensically examine your hard drive, and infer what websites you've been to.

The tricky thing is, even if you clear the cache on exit, the files still exist on the hard drive or SSD. And still can be recovered forensically. It's better to not write them at all to disk if you're worried about privacy

If you want to browser that doesn't store anything on disc, look at the tor foundation browser, or the mullvad browser. Both code bases do everything they can to prevent things from being written to disk even temporarily.

[–] pineapplelover@lemm.ee 22 points 1 year ago (3 children)

This is why I drill my drives everytime I shut down my computer /s

[–] miss_brainfart@lemmy.ml 9 points 1 year ago

Ah, the famous hard reset

[–] jet@hackertalks.com 5 points 1 year ago* (last edited 1 year ago) (1 children)

Expensive practice:) I've worked for corporations that require all data storage to be destroyed when the computer is retired or resold. So the drives get stripped out, sent to a company that certifies that the drives are completely destroyed. Because of this exact reason.

I think I've even seen the iron mountain data destruction truck parked outside. They just destroy the hard drives on site even. It's great

[–] pineapplelover@lemm.ee 1 points 1 year ago* (last edited 1 year ago)

Yeah the school district I worked for did this too

[–] taladar@sh.itjust.works 3 points 1 year ago

Are you even taking privacy seriously if you don't use thermite every time you close a browser tab to erase all evidence?

[–] corey389@lemmy.world 2 points 1 year ago* (last edited 1 year ago)

That's why you use a TMP drive for cache, a ram disk or on Linux store cache in tmpfs.

[–] possiblylinux127@lemmy.zip 0 points 1 year ago

It you can also use librewolf

[–] taladar@sh.itjust.works 7 points 1 year ago (1 children)

You probably want to add to your post what kind of device in what kind of environment we are talking about.

Is it a device in your own home where you live alone or something you carry around? Is the device storage encrypted?

What are you worried about? Local access or some sort of data leakage when you revisit a site?

[–] citytree@lemmy.ml 2 points 1 year ago

Thank you for the feedback. I have added additional information to the original post. I hope that the additional information answers all your questions.

[–] glorious_puffy@lemmy.world 5 points 1 year ago (1 children)

Is this really necessary since if it is your own device

[–] library_napper@monyet.cc 2 points 1 year ago (1 children)

Yes, because caches willl change the way your browser sends requests, and this can be used to fingerprint you

[–] glorious_puffy@lemmy.world 1 points 1 year ago (1 children)

Do I have to clear history too? Or just cookies and site data is fine?

[–] library_napper@monyet.cc 1 points 1 year ago

Personally I shred the profile directory after every use.

Or use a QubrsOS DispVM, so the entire VM is destroyed after every use.

[–] possiblylinux127@lemmy.zip 1 points 1 year ago

Try librewolf

[–] anon5621@lemmy.ml 1 points 1 year ago

In my opinion there attack surface about cache of browser which can lead to privacy leak https://portswigger.net/web-security/web-cache-poisoning

[–] zepheriths@lemmy.world 1 points 1 year ago (1 children)

Let's look at this from an even more practical use case. The cache can become very large. To the point of it interfere with loading other programs and even itself. You absolutely should clear it even if you don't care a privacy because the benefits are minimal

[–] Tibert@jlai.lu 5 points 1 year ago* (last edited 1 year ago)

Most of the time, the cache is limited in space. Unless you need the 1-1.5gB of space, it won't affect much.