Closed Bug 1324384 Opened 7 years ago Closed 5 years ago

Remove ability to override new tab page in private windows (about:privatebrowsing)

Categories

(WebExtensions :: Frontend, defect, P1)

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1525125

People

(Reporter: ke5trel, Assigned: mixedpuppy)

References

(Blocks 2 open bugs)

Details

(Whiteboard: triaged)

The user may want a custom new tab page in private windows which would require overriding about:privatebrowsing. Chrome allows extensions that override the new tab page to work in incognito windows.
Whiteboard: [private, new tab] design-decision-needed
Adding Javaun, as guidance around this would be needed. Third-party overrides would potentially allow info leaks and tracking in PBM, so we'd need to flesh this out from a Private Browsing PoV first.
Flags: needinfo?(jmoradi)
This has landed in bug 1234150 and currently this works in private browsing mode as well as normal mode by allowing you to override the new tab page.

I'm confused by comment 0 which contradicts the documentation "New Tab pages cannot be overridden in incognito windows" 

https://developer.chrome.com/extensions/override

Should we be restricting this in private browsing?
Flags: needinfo?(kev)
Per comment #1, looking for guidance from private browsing product.

My vote is yes. Custom newtabs can leak info to orgs other than Mozilla. Users should be required to specifically enable an addon in private browsing mode to effect the changes they make.
Flags: needinfo?(kev)
(In reply to Kev Needham [:kev] from comment #3)
> My vote is yes. Custom newtabs can leak info to orgs other than Mozilla.
> Users should be required to specifically enable an addon in private browsing
> mode to effect the changes they make.

And, to be clear, our newtab does not, iirc, leak info by default, where other newtabs can (and frequently do) load resources from third-party sites.
Changing bug title to be clearer that we are planning on removing this ability. This ability was added in Firefox 53, so we'll need to land this patch soon to remove it - based on Javaun's feedback.
Summary: Ability to override new tab page in private windows (about:privatebrowsing) → Remove ability to override new tab page in private windows (about:privatebrowsing)
Priority: -- → P3
Whiteboard: [private, new tab] design-decision-needed → triaged
Clearing my NI (sorry it took so long) and adding Pdol, who is product owner for PBM
Flags: needinfo?(jmoradi) → needinfo?(pdolanjski)
(In reply to Andy McKay [:andym] from comment #5)
> Changing bug title to be clearer that we are planning on removing this
> ability. This ability was added in Firefox 53, so we'll need to land this
> patch soon to remove it - based on Javaun's feedback.

This seems like the right approach to me given the risk of newtab leaking info, unbeknownst to the user.
Flags: needinfo?(pdolanjski)
setting p1/unassigned to force group re-triage
Priority: P3 → P1
Priority: P1 → P2
Blocks: 1460738
Product: Toolkit → WebExtensions
(In reply to Peter Dolanjski [:pdol] from comment #7)
> (In reply to Andy McKay [:andym] from comment #5)
> > Changing bug title to be clearer that we are planning on removing this
> > ability. This ability was added in Firefox 53, so we'll need to land this
> > patch soon to remove it - based on Javaun's feedback.
> 
> This seems like the right approach to me given the risk of newtab leaking
> info, unbeknownst to the user.

:pdol, I'm wondering if you could chime in on this (2-year-old) bug again. We are planning to land bug 1457001 in release 66 which will require the user to explicitly opt in to using any particular extension, including new tab page override, in private browsing windows. Is that sufficient from your point of view? Or do we want to go a step further, and actually prohibit new tab page overrides from working in private browsing windows, which is what this bug is suggesting?
Flags: needinfo?(pdolanjski)

Upping to P1 because of timeline.

Priority: P2 → P1
Assignee: nobody → mixedpuppy
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

I'm closing this down. Too long for ni, comments are referencing feedback outside the bug, etc. etc.

Bug 1525125 and by extension bug 1380809 take care of user involvement in deciding whether these work in pbm.

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Flags: needinfo?(pdolanjski)
Resolution: --- → DUPLICATE