Doppelganger download/install

Authors: Umesh Shankar [umeshshankar.com homepage] (umesh-dg@umeshshankar.com) and Chris Karlof (ckarlof@cs.berkeley.edu)
Help wanted: We are looking for people to work on Doppelganger. If you're interested in it from an open-source, research, or commercial perspective, please contact us.

What is Doppelganger?

Doppelganger is a replacement for Firefox's cookie policy manager. Browser cookies can be very useful for keeping track of login sessions, shopping carts, or personal preferences. But they can also be used to track your activities online in a privacy-compromising way, typically for building marketing profiles. Doppelganger aims to protect your privacy by helping you accept only those cookies that enable sufficiently useful functionality that the privacy risks are outweighed.

Unlike existing solutions, Doppelganger specifically moves away from the model of users seeing or deciding which particular cookies to accept. Instead, it uses a more intuitive model of tradeoffs between privacy and functionality, making it easier to weigh those choices needed, while making easy choices automatically.

To do this, Doppelganger makes a hidden "fork" window for each browser window or tab you have open that sees what your session would look like with cookies enabled. If Doppelganger finds a difference between the default (no cookies) and the fork window (cookies) it alerts you and you can decide if the harm from the cookies is outweighed by the functionality that's turned on. If it finds no difference, it silently disables cookies without your having to do anything. Doppelganger also has a one-click error recovery mechanism; if it didn't automatically detect that cookies might be needed at a site where you do need them, you can click a special "FIXME" button and Doppelganger will take action (possibly replaying your session) so that it will look like you had accepted cookies in the first place.

Documentation

Published paper

An academic paper describing this work was published at the ACM CCS '06 conference.
It has useful and more detailed information about how Doppelganger works, the motivations behind it and the design, and information about related work in the area.

Getting started

First, install Doppelganger. Instructions are below.

Doppelganger should start by default. On the first run, it will ask you for your name and email IDs. You should enter it like "Umesh Shankar ushankar mysecondemailid". The idea is that it tries to detect certain personalization and auto-login features automatically using this infomation.

Doppelganger adds a couple of buttons, a status message, and a checkbox to the status bar.

(You can leave checkbox labeled "debug" unchecked unless you are very curious or want to examine Doppelganger internals. If you do open the debug window, be sure not to close it directly; instead, uncheck the checkbox in the browser.)

The first button is labeled "Paranoia" and lets you control how Doppelganger handles first-party session cookies. (Third party cookies are all blocked by default.) There are three paranoia settings: high, medium and low. You probably want medium or low, which will automatically enable some or all first party session cookies, respectively. With the low setting, you will get only a small number of left-or-right dialogs, corresponding to useful persistent cookies set by sites you visit. With the high setting, you will get the maximum control over session cookies, but have to answer more questions. So there is a tradeoff between increased privacy (paranoia) and ease of use. Doppelganger always asks you to choose for persistent cookies, though.

The next button is labeled "FIXME". It's used to recover automatically from the situation where you need cookies to use a site, but they were not enabled for some reason. More details are below.

The status message shows the status of the hidden window relative to the main one. "Sync" means the two windows are in sync. "No sync" means there was an error loading one or the other page, and Doppelganger won't be able to do its automatic actions. "Loading" means the fork window is still loading the current page. And "Fork off" means the fork windows has stopped mirroring for one reason or another (a decision was already made, you spent a long time at the site, etc.). The main thing to note is that

You can browse as you normally would. When you visit a site, Doppelganger will mirror your actions in a hidden window, looking for differences between the hidden window and the visible one. If it finds a difference, it will --- depending on your paranoia setting --- show you a side-by-side view of the two windows, along with a description of the privacy risks you face in switching to the content in the (heretofore) hidden window. You have to decide if the privacy risk is justified by the additional functionality. If Doppelganger can figure out what that additional functionality might be, it will highlight it on the right-hand page.

If a site does not work properly (e.g., doesn't log you in automatically when it should or there is an error message telling you to turn on cookies) Doppelganger should detect it automatically. Sometimes it won't, for various reasons.  In those cases, you can click the FIXME button, which tells Doppelganger that something's wrong, and that you might want cookies enabled for the site you're at. Doppelganger will take some action to resolve the problem, possibly replaying your session at that site to get you to a good state. In some cases, cookies may be enabled already, in which case Doppelganger probably cannot fix the problem on its own since it's not cookie-related.

NOTE: Doppelganger is best with higher-resolution screens. It will work on a 1024x768 screen, and I've made some effort to make that usable, but it's not optimal for side-by-side comparisons.

Installation

1. First you need a customized build of Firefox

Q: Why do I need a customized build?

A: Because in order to get fine-grained access controls on cookies from a Javascript-based extension, I had to add about 30 lines of code to Firefox. I'm currently working to get the patch into the trunk build, and released with Firefox 3.
Download the appropriate version (Linux or Windows): Firefox 1.5.0.2 for Linux or Firefox 1.5.0.3 for Windows or (NEW) Firefox 2.0 for Linux
You just unzip/untar the file and everything's there. The binary you want to run is [dir]/dist/bin/firefox.
To ensure that you are running the patched Firefox, close all open Firefox windows before running the patched one.

You can also get the diff against the Firefox 1.5.0.x source if you want to patch it directly. A patch against Firefox 2.0 is also available.

2. Next, you need to install the Doppelganger extension

You can install it directly from this download (you should get a dialog), or save it to disk and then open it in Firefox. The extension will be periodically automatically updated by Firefox, if a new version is available.

If you get a yellow bar across the top of your browser saying that Firefox blocked the installation, click the button on the bar, then click "Allow". Make sure "www.cs.berkeley.edu" is in the allowed list. Then click the link to download the extension again. It should install.

If you don't want to take chances with your default Firefox profile, you can make a new profile by running

firefox -ProfileManager
Then, when you run Firefox, execute
firefox -P yournewprofilename
Then, download and install the extension.

Upgrading Doppelganger / Resetting its state

Upgrading

If you don't want to wait for the automatic upgrade process through Firefox, you can just download the newest version from this page, open the .xpi file in Firefox and install it; it should replace the existing one.

Clearing state

If you want to clear out the old state, in the debug window there are buttons to "Clear Site/Visit State" and "Clear All Cookies". Alternatively, you can kill the profile and make a new one.

Bugs

There are some known bugs in Doppelganger. You can view them or file additional ones using Bugzilla for Doppelganger at https://hotmix.cs.berkeley.edu/bugzilla (soon to be migrated to umeshshankar.com).
You can get lots of debugging output in the Javascript console by opening the debug window and checking the various boxes at the bottom of the dialog. Doing this and saving/cutting+pasting the console output (Tools > Error Console) into the bug report could be helpful if the initial report isn't enough to resolve the problem.