Open Bug 1259013 Opened 7 years ago Updated 9 months ago

Private Browsing is allowed in Child Mode


(Firefox :: Private Browsing, enhancement)

Windows 8.1



Tracking Status
firefox48 - wontfix
firefox49 - affected
firefox50 - affected
firefox51 --- affected


(Reporter: simona.marcu, Unassigned)


(Blocks 1 open bug)


- Issue found on the Nightly try build from:

Mozilla/5.0 (Windows NT 6.3; rv:47.0) Gecko/20100101 Firefox/47.0 Build ID:20160210105908

[Affected versions]:
- Nightly 47.0a1

[Affected platforms]:
- Windows 8.1

[Steps to reproduce]:
1. On Windows 8.1 create a Child Account and Log in
2. Install the Nightly try build 
3. Launch Nightly
4. Ctrl+Shift+P to enter Private Browsing.

[Expected result]:
Private browsing should not be allowed while in Child Mode.

[Actual result]:
Private Browsing is allowed. 

[Regression range]:
Not a regression.

[Additional notes]:
On Internet Explorer 11 the option to enter PB is not available in the Safety menu.
I'm assuming that "Disable InPrivate Mode" option under Microsofts Family Safety only affects IE/Edge. Chrome probably does it's own check and disables the appropriate features when it detects it's being run under a child account. We would need to incorporate something similar to bug # 1239166 and disable appropriate features when we detect that fx is being used in a child account.

From what I've seen via the Family Safety Web Portal, there's no turning off "Disable InPrivate Mode".


* [affected] Win 7 x64 - IE/Chrome block InPrivate/Incognito
* [affected] Win 8.1 x64 - IE/Chrome block InPrivate/Incognito
* [affected] Win 10 x64 - IE/Chrome block InPrivate/Incognito
No longer blocks: 1239166
Blocks: 1259463
Component: Security: PSM → Untriaged
Product: Core → Firefox
Component: Untriaged → Private Browsing
[Tracking Requested - why for this release]: 
High impact issue which overrides any parental controls by allowing private browsing.
Severity: normal → major
Any updates regarding this? 
We consider it a high impact issue for releasing the feature.
Flags: needinfo?(dkeeler)
I think there's been a bit of miscommunication on scope here. My understanding is that the feature in question is essentially bug 1239166 (detecting if an account is in child mode and importing and trusting the Microsoft Family Safety root so that https sites work if so). There are certainly other things we can do when we detect that an account is in child mode, but that's out of scope for now. To address this bug specifically, it existed before we made the changes to import the family safety root, and it shouldn't blocking shipping that feature.
Flags: needinfo?(dkeeler)
Track this as this is a high impact issue.
as David said, it is not that important.
I think this is a valid bug and a good kind of feature parity with other browsers that we can aim for in Nightly51 or 52.

Considering Comment 4 and Comment 7, marking this as an enhancement.

Severity: major → --
Type: defect → enhancement
You need to log in before you can comment on or make changes to this bug.