Closed Bug 330884 Opened 18 years ago Closed 18 years ago

When different users on one system choose to save or not save passwords for sites, any other user can see sites they not only saved passwords for but can also see what other users have been saving/never saving passwords for.

Categories

(Toolkit :: Password Manager, defect)

x86
Windows XP
defect
Not set
major

RESOLVED DUPLICATE of bug 234680

People

(Reporter: naomirocks, Unassigned)

Details

(Keywords: privacy)

User-Agent:       Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1

This privacy flaw has caused my fiancé and me to break up after having dated for 5 years.

Basically, we share one computer but under separate Windows XP user accounts.  We both use Mozilla Firefox -- well, he used to use it more than I do but now we don't really use it.  The privacy flaw is this: when he went to log-in under his dating sites (jdate.com, swinglifestyle.com, adultfriendfinder.com, etc.), Mozilla promptly asks whether or not he'd like Firefox to save the passwords for him.  He chose never, obviously.  However, when he logged off his user account, and I logged onto my Windows XP account X amount of days later, I decided to use Firefox because hey -- it loaded everything much more efficiently, was better to work on with website designs and is a lot more stable than IE7beta2.

Firefox prompted whether or not I'd like it to save my password for logging into my website.  I chose never and changed my mind.  I went into the Password Manager to change the saved password option from Never to Always and that's when I saw all these other sites that had been selected as "Never Save Password."  Of course, those were sites I had never visited or could ever dream of visiting.

Then I realized who, how and what...  and sh*t hit the fan.  Your browser does not efficiently respect the privacy of different users for one system.

Reproducible: Always

Steps to Reproduce:
1. Create 2 unique user accounts (for steps sake, let's call the two accounts Joe and Mary) in Windows XP Home.
2. Logout and sign-in under Joe.
3. Open Firefox and go to an e-mail site or to jdate.com or wherever.
4. Attempt to log-in to the site so that Firefox will ask whether or not you want your password saved.
5. Choose not to save the password.
6. After successfully logging in and having selected the "never save password" option, logout.
7. Log-in as Mary and open Firefox.
8. Browse, browse, browse... but you don't really have to.  Just go to "View Saved Passwords," click on the tab that will show you sites to never save passwords for, and you'll see whatever painful site Joe denied to save a password for.
9. Break-up with fiancé.



Firefox should be respecting every single area of privacy per user on one system.  It's not doing that...  I'm going to submit this as Major because not everyone shares one computer, but it should really be considered Critical.
I don't know if you still have access to the computer you and your ex-fiancé shared, but it sounds like Firefox was sharing a profile between the two Windows XP user accounts.  How is that possible -- were both users administrators or something?  Were bookmarks separate?
Keywords: privacy
Or, as sp3000 points out, maybe he accidentally logged into one of those sites while you were logged into Windows XP.
All right, I think it's been figured out.

When we decided to have separate user accounts just a short time ago,
since the computer is mine and the log-in we used to share was mine,
we just ended up creating a separate user account for him.  However,
before that, he had installed and uninstalled another version of
Firefox in his own personal directory.  The first time this happened,
he was trying to hide this stuff from me by using Firefox and
participating on the sites in there.  I found out he had been using
another browser by one time accidentally sneaking up on him in the
middle of the night and he uninstalled it.  Later, after we had
separate user accounts, I installed Mozilla because it was great in
testing browser compatibility for websites in progress and it must
have picked up certain things from his previous profile.  He swears up
and down he never did it while logged-in to my account and I can't see
him messing up like that.  This is the only explanation I can think
of.

Regardless, even if the sites in the "Never Save Password" list were
from weeks ago, the sites show he's been logging in regularly and is
an active member.  So whatever...  I guess when he uninstalled Firefox
originally, it wasn't a completely clean uninstall.  That's the only
explanation since we couldn't duplicate my reported bug as easily as
we thought.

Also, I'm going to put this bug as dependent on that uninstallation of profile data bug that Jesse Ruderman sent me.  It seems new users will risk seeing old data on a new installation of the browser (after a complete uninstallation had been done).  I can't confirm that by replicating it, but I can just confirm it from this one time occurrence at the moment.
Depends on: 234680
Marking as a dup of bug 234680 per comment 3.

*** This bug has been marked as a duplicate of 234680 ***
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
No longer depends on: 234680
Resolution: --- → DUPLICATE
Reporter - where firefox is installed doesn't affect where the profiles are.  If he installed it while logged in under your windows account it doesn't matter what folder he installed it to. This in itself isn't a flaw, but a feature. Anyway, that's why you experienced the behaviour you did.

And ok, bugzilla isn't the place for this, but I can't help it.  Honey, I would think you would be the LAST person to be bothered by this. Not only was he using your computer to be unfaithful, he wasn't smart enough to cover his tracks, and you got to know about it BEFORE buying the goods. If you're really THAT upset about finding out, take him back and pretend you never knew, or hold it over his head and use it to keep him in line.
I would also like to add that this seems more like a 'feature' at this point.  There is a button under Tools > Options > Privacy > History.  On the History tab, I believe, you will see a button for 'Erase My Relationship', under which, there are check boxes for '..because he is a cheating bastard', '..because he is a sneaky bastard who demeans me by thinking he can go behind my back', and '..because he jerked is insultingly stupid, so stupid, he deserved to be snared and he would have been a liability to have in your life, long-term'.

Check all that apply..

Ian

ps:  in all fairness, and not to sound like a two-dimensional bore, it's possible he was a habitual browser -- along with the being a liar -- where he just BROWSED the sites and looked at profiles, etc..   There's no telling whether he ever DID or would have had the cojones to really get out there and do something...   Maybe he just fantasized.  Maybe he just made-believe..  If that helps.  It's a difficult thing to bridle the male sex drive.

Nevertheless, the problem is still that he lied..  he concealed.. 

Maybe this was a huge wake-up call after 5 years... maybe he's not the guy you thought he was... maybe it's been 5 years of deception... Or, maybe it was just minor 'reveal' and not evidence of deep, serious transgression...just a 'white lie' where he was covering up some fantasy needs...and the 'white lie' need only be a bump in a long, long road and you can see if you can turn it into a growing experience..a call for a whole new level of openness in your relationship..

If the relationship is otherwise a complete wash, what is there to lose?  Get it all out on the table.. Tell him he might as well say what he REALLY wants in his life.. what would his 'fantasy perfect male existence' be?  Get it stated, honestly and openly for once..  And then see what's what..

Best of luck..

Oh, and I WOULD double-check the credit card / phone records while you are at it...



The fact is, she is 100% correct, after reading the article I went to my
Windows 2000 Pro machine and went to tools > Options > Passwords > View Saved
Passwords > Passwords Never Saved and there were a list of sites that I did not
want passwords saved for. I then chose Clear Private Data and went back into
the password manager. The list was still there. Lastly, I created a new user
account, went into Password manager; guess what…the list was still there. Not
only is the list not cleared with private data, it is also shared between user
accounts on the same machine.
I think the only solution for now is very simple:

Never share your computer with your girlfriend.

I'm somewhat confused as to how this can happen. I have tried creating both a second profile in my normal user account, and using a separate windows account. None of them had the same list of passwords not to save, as expected the two new accounts had empty lists.

Does that list get imported from IE settings or something like that?
I second what comment #10 said.  I have a guest account on my computer just for the purpose of making Firefox the default, and there isn't anything listed in password manager either.  
I was able to recreate this by going to the password-never-saved list under a second user account on my Windows 2000 pro computer.  Yikes! Although I only use opera for my porn-and-personal sites because of fears of the gf finding something in IE or Firefox.... There are other reasons this could be a big problem. Not just for cheating boyfriends, but, roommates who use one computer and maybe save or don't save info for shopping, school sites, etc.
I gotta say, I think lovelivelife12345@yahoo.com is right, it's possible that he just continued to browse those sites. They don't keep track of anything other than access, and it's possible that user activity is exaggerated to make the site appear more busy and worth subscribing to than it is. A relationship of 5 years is a big deal, and it'd be worth it to talk it out. Of course, he did lie, but when faced with a difficult to explain situation, one in which he may be completely innocent, the first and strongest urge is to lie. Just shows he wants to preserve the relationship really. I know, from being married for several years, that a misunderstanding can lead to some pretty big conflicts and there are things that, for the sake of simply avoiding a misunderstanding, I wouldn't want my wife to know, especially without a carefully thought out explanation prepared in advance. If he's unprepared to answer a charge his reaction will likely be to lie about it, even if he hasn't, really especially if he hasn't actually cheated on you.
Mossop - as per comment #3 what *actually* happened was that he installed firefox *before* they were using separate windows profiles, so what really happened is this.

1. They're still using the same windows profile, 

2. He installs firefox in his directory on her computer in her profile i.e. he installs it to c:\fiance\Mozilla Firefox\ instead of to c:\Program Files\Mozilla Firefox

3. He uninstalls firefox after she sees him using it

4. They create him his own Windows profile, she keeps using the one they were sharing

5. She installs firefox in a different directory than he did (eg c:/Program Files/Mozilla Firefox/)

6. As expected, firefox detects the already existing profile on her windows account.
So the real solution is to first make sure you are using a strict multi-user environment before you trust the separation of accounts. On top of that linux has the coolest text editors for programming websites, and the nicest implementation of a web server for testing those sites.
I checked my "passwords never saved" screen, and found only 2.  I think they were saved before I unchecked the "remember passwords" box.  Since then, I have never had the popup box come up.  I think if the "remember passwords" box is left unchecked, (I think it defaults checked), you won't have anything saved.  
He has got to be the luckiest guy in the world at this moment in time!  


Now he will have HIS world and knows she is just after money, seed and control over both!  

Oh and she becomes the next, of a few million and growing single forever women!
I think firefox should provide password protection for read and delete access to list of sites for which password is never saved. The user may not be prompted for password when the list is being appended. If this is the case, your privacy is protected even if your profile is accidentally shared. However, you may have to come up with an excuse if someone asks you for the password or reason for having password on that list. :D
(In reply to comment #0)

Access:

Tools

Options

Open the tab "Saved Passwords" and uncheck the option

Open the tab Passwords and uncheck the option (remember passwords)


Click the button "Settings" and Check all


Open the tab History and change to 0 days


:)

Now, your firefox will be free :)

this is not a bug.


Alexandre Luis
alexandrevls@uol.com.br

In reply to comment #22: There is a way to protect your saved passwords with a master password. To do this, go to Tools>Options>Privacy>Passwords and click in the "Set Master Password" button. After doing this, the only way to see the saved passwords is by providing the master password.

As I did the above, to see how it worked, I noticed two things:
1) After setting the master password, if you press "View Saved
Passwords", a dialog will appear asking the master password (this is
ok), but if you press cancel on the dialog, a new one appears, insisting
that you enter the master password. I think the dialog should just close
if you don't want to see the saved passwords anymore.
2) If you press the cancel on the dialog 5 times, the window with the
saved passwords appears with no saved passwords (this is ok), but in the
"Passwords Never Saved" still shows the sites you chose to never save
the password. If the operation is aborted when the user presses cancel on
the dialog, this would be avoided. Is this already registered as a bug?
Really it's not that big of a deal that firefox saves the list of not saved passwords. Browsers are supposed to do this kind of thing. Anyway it would be the cheating boyfriend's job to run a cleaner to clean the history and cache. Seriously if you value your privacy run a history cleaner it's not that complicated.

I can't tell if this is some sort of a parody, or if it's only some of the commenters who think it is. Some comments either don't take it seriously or post inane or offensive remarks and relationship advice. Some tried to deride her use of Windows and tried to suggest Linux (who cares if Linux has nice text editors for making web sites, it doesn't have Dreamweaver or Photoshop. Nvu and the Gimp suck in comparison). One religious nut even spammed bible quotes (I suppose spouting Linux propaganda could count as religious zealotry, too. RMS can be their Jesus, he's got the beard for it).
Sure the original poster related unnecessary personal details which has piqued a few people's salacious curiosity, but that's no reason to turn this into a personal advice column, and some dubious advice at that. Surprisingly they all seem to try and defend the fellow. Frankly he sounds like a cad who has tried to cover up his tracks, albeit unsuccessfully, and she may be better off for it. But the concern is genuine. Although you may like prying on other people's personal information, the sword cuts both ways. You shouldn't have to be a computer expert to protect your privacy. True, I myself have accounts on such sites out of curiosity more than anything else, not because I've actually ever cheated on anyone or ever would, but because I'm single and curious. That doesn't mean I want other users of my computer finding this out. Someone living with parents or relatives etc, or living with a partner, are entitled to privacy, even if they are using someone else's computer and account. A lot of marriage or relationship troubles stem from the husband's liking for surfing porn without intent of cheating, though some women consider it a form of cheating. Certainly the Bible Boy poster thinks so. I'll leave him to gouge out his right eye. A stressful job and screaming 2-year-olds waiting at home and maybe a nagging wife may be the cause. It may be symptomatic of deeper trouble. It doesn't matter.  We are entitled to privacy, and if Firefox doesn't properly remove private information upon removal of the program itself, that is a problem.
It has been marked a duplicate of the 2-year-old bug #234680 which basically complains that when you uninstall and click "Yes" to completely removing everything, it in fact doesn't. The user profile, buried deep inside a hidden system folder, remains with bookmarks and other privacy details like visited sites and passwords. Surely this is a genuine privacy concern for a browser that likes to poke fun at IE.
It is currently inexplicably marked as "WontFix".
Neither the browser, nor Mozilla employees "like to poke fun of IE."  You'll find that attitude more from the users.  As for the status of bug 234680, you'd need to ask the devs as someone already asked in the bug why it's wontfix (no need for bugspam)

Can we close this bug now that it's resolved?
Rather than storing a list of domains, why not store a one-way hash of same?

Comparison has to occur either way.  The 'invisibility' problem can be mitigated by displaying a notification pane to the effect of "Passwords entered on this page will not be saved.  To remove this site from the list, [click here]."

Really, this has been boneheaded behavior for years, though a source of endless amusement for fiancees and repair technicians.
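
The hashing idea from the comment above, sketched as an added example that is not part of the original thread and is not Firefox code. All function and class names are hypothetical, the sites are constructed, and deriving the key from a master password is an assumption; it shows that a plain hash of a site origin can be reversed by guessing likely sites, while a keyed hash cannot be matched without the secret.

```javascript
// Added illustration; not Firefox code. All names here are hypothetical.
const crypto = require('node:crypto');

// Reduce a login URL to its origin so every page of a site maps to one entry.
function normalizeOrigin(url) {
  return new URL(url).origin.toLowerCase();
}

// Variant 1: plain SHA-256 of the origin, as the comment proposes.
function plainDigest(url) {
  return crypto.createHash('sha256').update(normalizeOrigin(url)).digest('hex');
}

// Variant 2: HMAC keyed with a secret derived from a master password (assumed).
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32);
}
function keyedDigest(key, url) {
  return crypto.createHmac('sha256', key).update(normalizeOrigin(url)).digest('hex');
}

// A never-save list that stores only digests; digestFn selects the variant.
class NeverSaveList {
  constructor(digestFn) { this.digestFn = digestFn; this.entries = new Set(); }
  add(url) { this.entries.add(this.digestFn(url)); }
  has(url) { return this.entries.has(this.digestFn(url)); }
  stored() { return [...this.entries]; } // what would be written to disk
}

// What someone with read access to the stored digests learns by hashing a
// list of candidate sites and comparing against the stored values.
function recoverable(storedDigests, candidates, digestFn) {
  const stored = new Set(storedDigests);
  return candidates.filter((c) => stored.has(digestFn(c)));
}

// Constructed sample data.
const SALT = Buffer.from('constructed-per-profile-salt');
const key = deriveKey('constructed master password', SALT);
const wrongKey = deriveKey('guess', SALT);
const plain = new NeverSaveList(plainDigest);
const keyed = new NeverSaveList((u) => keyedDigest(key, u));
for (const list of [plain, keyed]) {
  list.add('https://dating.example/login');
  list.add('https://mail.example/signin?next=/inbox');
}
const candidates = ['https://dating.example/', 'https://shop.example/'];

console.log(plain.has('https://dating.example/profile'));
console.log(recoverable(plain.stored(), candidates, plainDigest));
console.log(recoverable(keyed.stored(), candidates, (u) => keyedDigest(wrongKey, u)));
```

Neither variant helps when the other person is working inside the same unlocked profile with the key available, which is the situation comment 3 describes.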
Product: Firefox → Toolkit
I am really surprised nobody mentioned portable firefox.
(In reply to comment #0)
I don't know about your fiance but I never save passwords for anything so the list of websites is substantial. And needless to say after I click Never I am Never asked again so it's not that big of a deal to me that he has sites listed as Never. Also from all I can see it only tells you the site not the number of times he visited that site so if he is like me and clicked never once 7 months ago and never returned to that site...it would still be listed in the list and it would look bad but if I only got on that site once 7 months ago to check a message I got or something pointless it would surely be taken out of context. I mean how can you convict him on the list of sites when you don't know how often he frequented the sites and for what purpose. What if it was a once and done deal
Restrict Comments: true