imported trac ticket
created: 2011-04-25 14:16:04
When !RequestPolicy is uninstalled, it leaves behind the user's whitelist in the browser configuration. I think the correct default behavior is to instead remove all traces of RP that we can remove.
This would mean that if the user expected this data to remain after uninstall, restart, and install again, their custom whitelist would be permanently lost. Though this is unfortunate if the user didn't expect to lose their whitelist, it seems dangerous to leave the data behind as other users will reasonably assume that this data was removed. The potential impact of assuming the data is deleted is worse than assuming it isn't. If a user had whitelisted sites that they no longer wanted others to be able to determine they had visited (e.g. the user had specifically cleared all browser history, cookies, cache, etc. at some point after uninstalling RP), then the fact that RP didn't delete this data may put the user at risk if others obtain access to their computer. The risk of this unexpected data remaining is too great to justify the potential usability benefit of leaving behind the whitelist after uninstall.
Note that starting with RP 0.6, we'll need to delete the "requestpolicy" directory from the user profile directory, as well.