User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 Build ID: 20170802111520 Steps to reproduce: 1. Visit https://dropmail.me/en/ 2. Make a note of the email address it assigns to you 2. Close this tab 3. Go to menu, history, delete recent history, select "everything" and delete everything that can be deleted through this menu. 4. Close Firefox 5. Change your IP address 6. Open Firefox again 7. Visit https://dropmail.me/en/ Actual results: The website still remembers you and offers you to restore the address you previously noted. Expected results: Obviously, the website should not be able to reidentify you. This is likely caused due to very loose restrictions regarding the use of IndexedDB. See here: https://superuser.com/questions/1250944/how-can-this-website-reidentify-me-even-after-deleting-all-of-my-browsers-histo Note that I have never allowed this website to use IndexedDB nor have I been informed! (see the question above and the answer by Arjan) I thought you are "obsessed with protecting your privacy"? (that's somewhere written on your website) And now there is a way to precisely track individual users even when they think they did everything to prevent that. Also note that other browsers are not affected by this issue. When I delete my history in Microsoft Edge, the website can not reidentify me!

Why do you think this is a regression and critical? Dupe of bug 1047098?

These is largely fixed by the new "site data" UX in ff57. Deleting site data removes all quota storage like IDB and cookies. I guess it's an open UX question if deleting history should wipe all site data as well. Hsin-Yi can you include this in the other bugs I sent your way regarding storage, permissions, and UX. Also, I'm fairly certain this is not a regression.

(In reply to Ben Kelly [:bkelly] from comment #2) > These is largely fixed by the new "site data" UX in ff57. Deleting site > data removes all quota storage like IDB and cookies. > > I guess it's an open UX question if deleting history should wipe all site > data as well. Hsin-Yi can you include this in the other bugs I sent your > way regarding storage, permissions, and UX. Yes, it's an open UX question. Looping PM and UX in CC. > > Also, I'm fairly certain this is not a regression.

This is UX call. Mark, what do you think? Could you have a UX discussion from UX side?

We had the similar concerns reported in bug 1399753. (See bug 1399753 comment 17, bug 1399753 comment 18)

To match users expectation, I think once a user check all the options when clearing browse history, there should be no trace or data left at all. And user will still have the option to uncheck the options and clear only certain data.

This is a duplicate of 1047098. Let's move discussion to the oldest bug on this that we can find.