I am using Mozilla Firefox as my web browser. I have configured it to clear cookies, active logins, form & search history, and offline website data when I close Firefox. Should I also configure it to clear the cache? What are the privacy implications if I don’t clear the cache?
EDIT: additional information:
- My goal is to reduce fingerprinting and tracking by websites.
- I use Mozilla Firefox on my personal laptop that almost never leaves my residence. The laptop has full disk encryption. I am the only user of the laptop.
- I don’t erase my web browser history. I want to keep browser history for my future reference.
If you don’t clear the cache, somebody could forensically examine your hard drive, and infer what websites you’ve been to.
The tricky thing is, even if you clear the cache on exit, the files still exist on the hard drive or SSD. And still can be recovered forensically. It’s better to not write them at all to disk if you’re worried about privacy
If you want to browser that doesn’t store anything on disc, look at the tor foundation browser, or the mullvad browser. Both code bases do everything they can to prevent things from being written to disk even temporarily.
This is why I drill my drives everytime I shut down my computer /s
Ah, the famous hard reset
Expensive practice:) I’ve worked for corporations that require all data storage to be destroyed when the computer is retired or resold. So the drives get stripped out, sent to a company that certifies that the drives are completely destroyed. Because of this exact reason.
I think I’ve even seen the iron mountain data destruction truck parked outside. They just destroy the hard drives on site even. It’s great
Yeah the school district I worked for did this too
Are you even taking privacy seriously if you don’t use thermite every time you close a browser tab to erase all evidence?
Full disk encryption seems like an alright solution too
That’s why you use a TMP drive for cache, a ram disk or on Linux store cache in tmpfs.
It you can also use librewolf
You probably want to add to your post what kind of device in what kind of environment we are talking about.
Is it a device in your own home where you live alone or something you carry around? Is the device storage encrypted?
What are you worried about? Local access or some sort of data leakage when you revisit a site?
Thank you for the feedback. I have added additional information to the original post. I hope that the additional information answers all your questions.
Is this really necessary since if it is your own device
Yes, because caches willl change the way your browser sends requests, and this can be used to fingerprint you
Do I have to clear history too? Or just cookies and site data is fine?
Personally I shred the profile directory after every use.
Or use a QubrsOS DispVM, so the entire VM is destroyed after every use.
Let’s look at this from an even more practical use case. The cache can become very large. To the point of it interfere with loading other programs and even itself. You absolutely should clear it even if you don’t care a privacy because the benefits are minimal
Most of the time, the cache is limited in space. Unless you need the 1-1.5gB of space, it won’t affect much.
deleted by creator
In my opinion there attack surface about cache of browser which can lead to privacy leak https://portswigger.net/web-security/web-cache-poisoning
Try librewolf