The sessionHash in farbling white lies is stable for the whole session. Consider allowing users to regenerate the hash or allow users to modify the hash for each page reload (or even for each wrapper call).
Add possibility to reset the farbling key.
The state is cleared, fingerprint changes. User is warned in a different way. Maybe there can be a button (in the popup) that allows to change the identity.
The preferred way is to sync with cookie cleaning.
Farbling can be reseted by restarting the browser or reinstall the extension.
One can also inspect the extension memory by going to about:debugging (Firefox) or chrome:extensions (Chrome), finding JShelter and inspecting its memory. The object Hashes stores the current configuration. So:
delete Hashes.visitedDomains["pagure.io"];
removes the current hash for pagure.io.
(Note that once we switch to manifest v3, there won't be any background page so the memory fiddling workaround will stop working. We will need to keep the hashes in a storage so a different workaround will be possible. The hashes might be visible in the Advanced options of the extension.)
Metadata Update from @polcak: - Issue set to the milestone: None (was: NLNet evaluation)
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/cookies/onChanged should allow detection of cookie removal but it needs cookies and host permissions. We do not need cookies permission atm. We might hide automatic reset under an opt-in settings.
#113 is effectively a duplicate of this issue.
Log in to comment on this ticket.