Doppelganger is a replacement for Firefox's cookie policy manager. Browser cookies can be very useful for keeping track of login sessions, shopping carts, or personal preferences. But they can also be used to track your activities online in a privacy-compromising way, typically for building marketing profiles. Doppelganger aims to protect your privacy by helping you accept only those cookies that enable sufficiently useful functionality that the privacy risks are outweighed.
Unlike existing solutions, Doppelganger specifically moves away from the model of users seeing or deciding which particular cookies to accept. Instead, it uses a more intuitive model of tradeoffs between privacy and functionality, making it easier to weigh those choices needed, while making easy choices automatically.
To do this, Doppelganger makes a hidden "fork" window for each browser window or tab you have open that sees what your session would look like with cookies enabled. If Doppelganger finds a difference between the default (no cookies) and the fork window (cookies) it alerts you and you can decide if the harm from the cookies is outweighed by the functionality that's turned on. If it finds no difference, it silently disables cookies without your having to do anything. Doppelganger also has a one-click error recovery mechanism; if it didn't automatically detect that cookies might be needed at a site where you do need them, you can click a special "FIXME" button and Doppelganger will take action (possibly replaying your session) so that it will look like you had accepted cookies in the first place.
Published paper
Getting started
First, install Doppelganger. Instructions are below.
Doppelganger should start by default. On the first run, it will ask you for your name and email IDs. You
should enter it like "Umesh Shankar ushankar mysecondemailid". The
idea is that it tries to detect certain personalization and auto-login
features automatically using this infomation.
Doppelganger adds a couple of buttons, a status message, and
a checkbox to the status bar.
(You can leave checkbox labeled "debug"
unchecked unless you are very curious or want to examine Doppelganger
internals. If you do open the debug window, be sure not to close it
directly; instead, uncheck the checkbox in the browser.)
The first button is labeled "Paranoia" and lets you control how
Doppelganger handles first-party session cookies. (Third party cookies
are all blocked by default.) There are three paranoia settings:
high, medium and low. You probably want medium or low, which will
automatically enable some or all first party session cookies,
respectively. With the low setting, you will get only a small number
of left-or-right dialogs, corresponding to useful persistent cookies
set by sites you visit. With the high setting, you will get the
maximum control over session cookies, but have to answer more
questions. So there is a tradeoff between increased privacy (paranoia)
and ease of use. Doppelganger always asks you to choose for persistent
cookies, though.
The next button is labeled "FIXME". It's used to recover automatically
from the situation where you need cookies to use a site, but they were
not enabled for some reason. More details are below.
The status message shows the status of the hidden window relative
to the main one. "Sync" means the two windows are in sync. "No sync" means there
was an error loading one or the other page, and Doppelganger won't be
able to do its automatic actions. "Loading" means the fork window is
still loading the current page. And "Fork off" means the fork windows
has stopped mirroring for one reason or another (a decision was already
made, you spent a long time at the site, etc.). The main thing to note
is that
You can browse as you normally would. When you visit a site,
Doppelganger will mirror your actions in a hidden window, looking for
differences between the hidden window and the visible one. If it
finds a difference, it will --- depending on your paranoia setting ---
show you a side-by-side view of the two windows, along with a
description of the privacy risks you face in switching to the content
in the (heretofore) hidden window. You have to decide if the privacy
risk is justified by the additional functionality. If Doppelganger can
figure out what that additional functionality might be, it will
highlight it on the right-hand page.
If a site does not work properly (e.g., doesn't log you in
automatically when it should or there is an error message telling you
to turn on cookies) Doppelganger should detect it automatically.
Sometimes it won't, for various reasons. In those cases, you can
click the FIXME button, which tells Doppelganger that something's
wrong, and that you might want cookies enabled for the site you're
at. Doppelganger will take some action to resolve the problem,
possibly replaying your session at that site to get you to a good
state. In some cases, cookies may be enabled already, in which case
Doppelganger probably cannot fix the problem on its own since it's not
cookie-related.
If you get a yellow bar across the top of your browser saying that
Firefox blocked the installation, click the button on the bar, then
click "Allow". Make sure "www.cs.berkeley.edu" is in the allowed
list. Then click the link to download the extension again. It should install.
If you don't want to take chances with your default Firefox profile,
you can make a new profile by running
Installation
1. First you need a customized build of Firefox
A: Because in order to get fine-grained access controls on cookies
from a Javascript-based extension, I had to add about 30 lines of code
to Firefox. I'm currently working to get the patch into the trunk build, and released with Firefox 3.
You just unzip/untar the file and everything's there. The binary you
want to run is [dir]/dist/bin/firefox.
You can also get the diff against the Firefox 1.5.0.x source if you want to patch it directly.
A patch against Firefox 2.0 is also available.
2. Next, you need to install the Doppelganger extension
firefox -ProfileManager
Then,
when you run Firefox, execute
firefox -P yournewprofilename
Then, download and install the extension.
Upgrading Doppelganger / Resetting its state
Upgrading
Clearing state
Bugs
There are some known bugs in Doppelganger. You can view them or file
additional ones using Bugzilla for Doppelganger at https://hotmix.cs.berkeley.edu/bugzilla (soon to be migrated to umeshshankar.com).