Containers don't work in permanent private mode
Categories
(Core :: DOM: Security, defect, P5)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox57 | --- | fix-optional |
People
(Reporter: jkt, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [userContextId][domsecurity-backlog])
Attachments
(1 file, 3 obsolete files)
We disabled containers for when in private mode due to the confusion caused by having both personal container open and private personal container open. The use-case is that I never want my history to be remembered but I would like my browser contexts isolated. The difference between multiple browser with different profiles still remains: - Shared bookmarks - Same window, different tabs We overlooked this when disabling containers for private mode. To enable this mode: 1. go to about:preferences 2. click privacy 3. select history: "Never remember history" When in this mode I expect to be able to access containers
|
||
Comment 1•8 years ago
|
||
Marking as P3 for now, but we can reprioritize if needed after discussion. baku, Kamil - if you have thoughts on this, please share.
|
||
Comment 2•8 years ago
|
||
What if you DO NOT use private-always mode and instead uncheck the box for "Remember my browsing and download history" (and the other two if you want)? I would expect containers to work in that case.
|
Reporter | |
Comment 3•8 years ago
|
||
From my testing this also behaves exactly like private mode also and disables containers.
|
|
Reporter | |
Comment 4•8 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=9659b6cfb24c
| Comment hidden (mozreview-request) |
|
|
Reporter | |
Comment 6•8 years ago
|
||
It actually does work with the options that :dveditz said in comment #2. Both unchecking 'Always use private browsing mode' in 'Use custom settings fom history' and 'Never remember history' prevent Containers from working.
|
|
||
Updated•8 years ago
|
| Comment hidden (mozreview-request) |
|
|
Reporter | |
Updated•7 years ago
|
|
|
Reporter | |
Updated•7 years ago
|
|
|
Reporter | |
Comment 8•7 years ago
|
||
Comment on attachment 8865849 [details] Bug 1320757 - Moving container tab highlight from test pilot experiment Assigned to wrong bug id.
|
||
Comment 9•7 years ago
|
||
Bulk change per https://bugzilla.mozilla.org/show_bug.cgi?id=1401020
|
||
Updated•6 years ago
|
|
|
Reporter | |
Comment 11•6 years ago
|
||
Bug 1320757 - Permitting containers to be used in permenant private mode.
|
||
Updated•6 years ago
|
|
|
Reporter | |
Comment 12•6 years ago
|
||
|
|
||
Updated•6 years ago
|
|
|
Reporter | |
Comment 13•6 years ago
|
||
Comment on attachment 8815127 [details] Bug 1320757 - Permitting containers to be used in permenant private mode I updated the patch to prevent it bit rotting further given it's age. I'm not really actively working on this than I have in the past two years but I might pass it :shivi. :Gijs do you know if we ever share functions between these files at all? I would prefer to make a function that accepts a window and return a bool to reduce the duplication. I guess we should also have a test for these menu items finally also.
|
|
||
Comment 14•6 years ago
|
||
(In reply to Jonathan Kingston [:jkt] from comment #13) > :Gijs do you know if we ever share functions between these files at all? I > would prefer to make a function that accepts a window and return a bool to > reduce the duplication. Not sure what you mean here. Can you elaborate?
|
|
Reporter | |
Comment 16•4 years ago
|
||
Sorry I can't remember exactly, I think I was looking for sharing functionality but I'm not sure how or where.
Anyway I'm unlikely to be picking this up.
|
||
Updated•2 years ago
|
|
||
Comment 18•2 years ago
|
||
The severity field for this bug is relatively low, S3. However, the bug has 3 duplicates.
:freddy, could you consider increasing the bug severity?
For more information, please visit auto_nag documentation.
|
||
Comment 19•2 years ago
|
||
The last needinfo from me was triggered in error by recent activity on the bug. I'm clearing the needinfo since this is a very old bug and I don't know if it's still relevant.
|
||
Comment 20•2 years ago
|
||
Yeah, for those who got emails...do we actually want private tabs to be isolated? I'm not sure that makes sense. It seems that containers in themselves being per-tab is already confusing to some people. I don't think we should add another dimension to it and lean towards closing this.
|
|
||
Comment 21•2 years ago
|
||
(In reply to Frederik Braun [:freddy] from comment #20)
Yeah, for those who got emails...do we actually want private tabs to be isolated? I'm not sure that makes sense. It seems that containers in themselves being per-tab is already confusing to some people. I don't think we should add another dimension to it and lean towards closing this.
I agree with this for individual private windows ie "temporary" private browinsg.
However, I think the question is about permanent private browsing mode. It seems like some people use this to avoid storing data to disk (so starting with a clean slate every time Firefox starts), and it seems reasonable to still want to be able to separate things in that mode while not saving data to disk.
|
||
Comment 23•1 year ago
|
||
Tor Browser is private browsing mode by default for disk-avoidance. It would be nice if containers also worked there since using containers to log into multiple accounts simultaneously is still a nice feature to have (even w/ private browsing mode enabled).
|
||
Comment 24•1 year ago
|
||
(In reply to Richard Pospesel (Tor Browser Dev) from comment #23)
Tor Browser is private browsing mode by default for disk-avoidance. It would be nice if containers also worked there since using containers to log into multiple accounts simultaneously is still a nice feature to have (even w/ private browsing mode enabled).
It's not just a nice feature to e.g. use multiple accounts on the same website within the same browser instance but also a requirement for privacy. This is because permanent private browsing mode even with RFP enabled can't automize against all forms of tracking - there is still discipline required from the user. 2 cases that come into my mind to reflect this:
-
Fixed links (e.g. mostly common via bookmarks) are a good potential source of tracking. Their nature with complex parameters that are hardly transparent to an user (e.g. YouTube video ID's) make it often impossible to tell if part of the URL is being used to secretly identify the user at some point. This can carry a lot of information despite all the isolation RFP does here and is very tedious to prevent on the user-side. Also too old bookmarks whose URL has already been updated (but the old URL still works) provide a bit of extra entropy to the website.
-
If websites cooperate they can simply circumvent RFP's privacy-isolation (correct me if something updated in the past and I'm wrong here) since simple forwarding to each other's site is sufficient to cross-identify the user between 2 different services (e.g. 2 different logged in accounts). This also requires discipline of the user since disabling any form of automatic forwarding (and also any form of manual forwarding to avoid edge-cases) would break pretty much basically the entire web. This is the case where actually the tab-containers discussed here are required (as well as user-discipline) to avoid this. If the user is logged into 2 different services and they are both in 2 different tab-contexts those services can forward to each-other as much as they want but they would never be able to cross-track the user then.
|
|
||
Comment 25•1 year ago
|
||
Edit: With RFP's privacy-isolation I was also keeping in mind other forms of isolation Firefox currently provides (e.g. state partitioning for Cookies) - just to be a bit more clear here and unfortunately I can't edit my previous post to correct this.
Description
•