Comments (10)
I still fail to see how starting in PB mode is of any benefit.
PB is designed to make the browsing session resilient to unsophisticated local attackers; network-level privacy is not an immediate goal (except through cookie jar isolation/cookie stealing mitigation which is, as you said, irrelevant when blocking all cookies in the first place/disabling cross-site requests).
https://wiki.mozilla.org/Private_Browsing
data [...] should not be written to the disk in a way that is exposed to the user either through the Firefox UI, or through the typical OS-provided mechanisms for viewing the information on the disk
[...] does not include protecting against scenarios such as [...] the OS caching the sensitive information in memory to the disk, probes inspecting the process memory at runtime, as such topics are outside of the scope of this feature's intended threat model.
Private Browsing is only a (convenient) master switch to toggle persistent local storage on/off. Basically all protection (other than cookie jar isolation) against remote attackers/tracking is already available in non-private browsing mode:
Is network level privacy a goal?
Experience suggests that users believe that private browsing implies some amount of network level privacy, but from a technical standpoint this is a challenging problem of its own so we have decided to not tackle it for now.
An Analysis of Private Browsing Modes in Modern Browsers has more info.
I would also like to know if PB mode respects any cookie settings made in the Options UI, and if it respects site permissions.
This Mozilla support page seems to indicate so: https://support.mozilla.org/t5/Firefox/Why-is-it-call-Private-Browsing-if-cookies-can-be-seen-from-the/td-p/1058044, but this could be verified.
You can inspect the PB mode cookies via the command line in the Web Console (Firefox/Tools > Web Developer) via the document.cookie array. Note that the same rules for accepting and blocking cookies are used in PB mode and in regular mode, the only difference is a separate cookie jar that is joined among all PB mode tabs. (https://bugzilla.mozilla.org/show_bug.cgi?id=823941)
In short, if you make sure to disable all kinds of persistent storage in normal sessions through user.js, Private Browsing should have no real advantage.
A good way to check for full coverage of the persistent storage preferences would be to create 2 new fresh profiles configured with user.js, 1 with PB enabled, 1 with PB disabled, reproduce the exact same browsing session on the 2 profiles, close the 2 browsers and compare their profile/cache directories (there should be no more information stored in the non-PB profile than in the PB-enabled one).
from user.js.
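The profile comparison suggested above, as an added example (not code from the thread or the user.js project): it lists files that exist only in the non-PB profile, or that are larger there, after two identical sessions. The profile paths and the constructed demo profiles are assumptions; run it against real profile directories with both browsers closed.

```shell
# Added example, not code from the thread or the user.js project: compare two
# Firefox profile dirs after identical sessions, one with "Always use private
# browsing mode" on, one with it off. Files only in the non-PB profile, or larger
# there, are persistent storage the user.js prefs missed. Close both browsers first.

# list_files DIR: sorted relative paths of regular files below DIR
list_files() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    (cd "$1" && find . -type f | sed 's|^\./||' | LC_ALL=C sort)
}

# only_in_first A B: files present in A but absent from B
only_in_first() {
    a=$(mktemp); b=$(mktemp)
    list_files "$1" > "$a"; list_files "$2" > "$b"
    comm -23 "$a" "$b"; rm -f "$a" "$b"
}

# larger_in_first A B: files in both but bigger in A (e.g. a cookies.sqlite that grew)
larger_in_first() {
    list_files "$1" | while IFS= read -r f; do
        [ -f "$2/$f" ] || continue
        sa=$(wc -c < "$1/$f" | tr -d ' '); sb=$(wc -c < "$2/$f" | tr -d ' ')
        if [ "$sa" -gt "$sb" ]; then printf '%s (%s > %s bytes)\n' "$f" "$sa" "$sb"; fi
    done
}

# compare_profiles NOPB PB: report; empty sections mean the prefs covered everything
compare_profiles() {
    echo "== only in non-PB profile =="; only_in_first "$1" "$2"
    echo "== larger in non-PB profile =="; larger_in_first "$1" "$2"
}

# demo_build_profiles ROOT: constructed sample profiles (not real Firefox data)
# with file names mimicking real profile entries, so the report can be tried offline
demo_build_profiles() {
    for p in pb nopb; do
        mkdir -p "$1/$p"; echo '// prefs' > "$1/$p/prefs.js"
        echo 'user_pref("browser.cache.disk.enable", false);' > "$1/$p/user.js"
    done
    printf '%010d' 0 > "$1/pb/cookies.sqlite"    # 10 bytes
    printf '%040d' 0 > "$1/nopb/cookies.sqlite"  # 40 bytes: grew during the session
    mkdir -p "$1/nopb/cache2/entries" "$1/nopb/sessionstore-backups"
    : > "$1/nopb/places.sqlite"; : > "$1/nopb/cache2/entries/abc"
    : > "$1/nopb/sessionstore-backups/recovery.jsonlz4"
}

# Usage: sh compare_profiles.sh <non-PB profile dir> <PB profile dir>
if [ "$#" -eq 2 ]; then compare_profiles "$1" "$2"; fi
```

Running `demo_build_profiles /tmp/demo` and then `compare_profiles /tmp/demo/nopb /tmp/demo/pb` shows the three leftover files and the grown cookie database; on real profiles an empty report is the goal.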
Closing all Private Windows clears all traces. I think that's important to note.
👍 for the rest
I don't use Private Browsing. Even if you bypass the false idea of anonymity many users believe in, and consider only what it implies in reality, my opinion is that it's not worth it.
Maybe this excerpt from this post can be recalled:
Private sessions don't interact with the data of your normal sessions. But normal sessions can access the data of other normal sessions (i.e. YouTube can access the Google cookie). Private browsing behaves the same way. Private and normal browsing cannot interact with each other. Private windows can access cookies and such set by other private windows. This will reset when you close all private sessions.
Just a quick note: using Chrome Incognito, a Firefox private tab or various others doesn't make you anonymous. It's not even close to anonymization. It's just a regular tab that will expose every bit of data that it would send otherwise too. The only difference is the rollback it performs when you close the private window. The private session won't store any data on your device, but it still exposes various data to the web provider and won't make you more secure or whatever on that end.
The main idea is that Private windows can access cookies and such set by other private windows.
OK, all is removed once you restart Firefox ... but within the session you're vulnerable. That's how I see it.
In short, I see PB as browsing which clears "forensic" evidence on the computer/browser you are using for browsing.
Not to waste too much time, I find PB useless.
The only "pro", which @Thorin-Oakenpants mentioned, is that it clears HSTS when closed, but you need to close all PB windows to achieve that. So again... almost useless.
PB is just giving users a false sense of security and I don't use it at all.
a privacy-related feature that is confusing can do much more harm than good
https://w3ctag.github.io/private-mode/
Open a tab in private mode: https://addons.mozilla.org/en-US/firefox/addon/private-tab/
gorhill/uMatrix#350
gorhill/uBlock#104
@Atavic, for accessing multiple accounts on the same web page I prefer the "container" feature. ;)
user_pref("privacy.userContext.enabled", true);
PB is just giving users a false sense of security
That's a bit harsh IMHO - it does say exactly what it does and doesn't do. And it's called "Private Window" and not "Anonymous Window" for a reason.
This is why I always think it's better to start in normal mode and flick open a new private window when needed.
I agree. It would still be nice if it was somehow possible to clear the "private" bits in memory without closing all PB windows. And also to be able to see the "private" cookies (for example).
I still stand by my statement that starting in PB mode offers nothing you can't achieve in normal mode.
I agree, apparently (though this needs to be actually tested/verified working). PB mode also has drawbacks:
- Need to close the browser to clear memory caches/cookie jars
- Cookie management addons not working, no cookie viewer https://bugzilla.mozilla.org/show_bug.cgi?id=823941
- Same usability downgrade as with DISABLE CACHING settings (no history, slower due to disabled caches...).
My own method is to disable forced private browsing and re-enable persistent storage for usability/performance; the only use case for PB mode is using a shared/someone else's machine (e.g. I don't care about the motivated local attacker scenario which can pwn me through memory/swap access/keylogging/... anyway. Mitigations against this are at the OS level).
It is fine to enforce Private Browsing if you want the most hardened setup, and usability is not a concern. It is fine to leave it disabled if you have other measures in place to mitigate local exploits/theft (sandboxing, FDE), and want access to history, or cookie management addons.
OT: The PK readme states [...] I have indexeddb off and uBo works perfectly.
Yes, I have not tested this; it might be from an earlier version. Apparently related to pyllyukko/user.js@ce5ba07 -> http://forums.mozillazine.org/viewtopic.php?p=13842047; pyllyukko/user.js#8. I will open an issue for this, thanks.
@Thorin-Oakenpants regarding your Cookies pointers, I rehash these:
https://github.com/ghacksuserjs/ghacks-user.js/issues/11
Synzvato/decentraleyes#99
PB mode is best used as a one-off window
then that's no longer PB mode (only) as per this pref. I would write "Private browsing is best ...." without the "mode" and maybe also add "therefore this pref is commented out by default" or something like that.
Maybe "enable 'Always use private browsing mode'" would be a better title too, idk.