Open Bug 1366318 Opened 6 years ago Updated 5 months ago

[meta] Prevent websites from detecting private browsing

Categories

(Firefox :: Private Browsing, task, P3)

Product:
Firefox
Component:
Private Browsing
Type:
task

Tracking

()

People

(Reporter: 08xjcec48, Unassigned)

References

(Depends on 2 open bugs)

Details

(Keywords: meta) 

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0
Build ID: 20170504105526

Steps to reproduce:

Use the private browsing mode to open this: https://www.bostonglobe.com/business/2017/05/16/get-ready-for-even-more-cars-boston-streets/hLt3FFNj0ISHNxFIAdKbEP/story.html


Actual results:

The website identifies that the tab is private, and hides the contents of the article.


Expected results:

Websites shouldn't be able to tell that users are browsing privately and/or force them to use regular tabs.
Component: Untriaged → Private Browsing
Marking as P3 [meta] tracking bug. As we discover specific vectors for sites to detect PBM we will file bugs under this one.
Priority: -- → P3
Summary: Prevent websites from detecting private browsing → (Private Browsing) [meta] Prevent websites from detecting private browsing
The original link now works for me, not sure if because of one of my extensions.

However, this is still able to detect whether the window is private: https://codepen.io/fadupla/pen/EWxKRW
Version: 53 Branch → 57 Branch
Version: 57 Branch → 58 Branch
Version: 58 Branch → 60 Branch
Version: 60 Branch → 61 Branch
Version: 61 Branch → 62 Branch
Keywords: meta
Version: 62 Branch → 64 Branch
Version: 64 Branch → 65 Branch
Version: 65 Branch → 66 Branch

The San Diego Union Tribune is doing this now. To reproduce, while private browsing, go to https://www.sandiegouniontribune.com/ and click on any article. I'm not sure what mechanism they are using.

Type: defect → task

This is the same issue as Bug 1506680, which has more information

Version: 66 Branch → 67 Branch
Version: 67 Branch → 68 Branch
Status: UNCONFIRMED → NEW
Ever confirmed: true
Version: 68 Branch → 69 Branch
Version: 69 Branch → 70 Branch
Version: 70 Branch → 72 Branch
Version: 72 Branch → 73 Branch

Closing as a duplicate of an older bug.

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE

I don't think this is a duplicate of Bug 781982. Bug 781982 is about enabling the use of IndexedDB in private browsing mode. Currently, the unavailability of IndexedDB might be used to identify private browsing mode though, so Bug 781982 might be regarded as blocking this one.

Flags: needinfo?(kbrosnan)

There is no reason to have a meta bug with one bug being dependent. It is not a meta in that case it is a direct dupe.

Flags: needinfo?(kbrosnan)

As comment https://bugzilla.mozilla.org/show_bug.cgi?id=1366318#c1 says, specific vectors that allow identification of private browsing mode should be filed under this one. Bug 781982 is one such vector. I am pretty sure it is not we only one, though I don't know if we have more on file.

This is logically a different thing than Bug 781982. If there really were only a single relevant vector, it might make no sense to keep this meta bug open, but it still isn't a duplicate of Bug 781982 in my understanding.

Flags: needinfo?(jhofmann)

I agree with Simon

Status: RESOLVED → REOPENED
Depends on: 781982
Flags: needinfo?(jhofmann)
Resolution: DUPLICATE → ---
Summary: (Private Browsing) [meta] Prevent websites from detecting private browsing → [meta] Prevent websites from detecting private browsing
Status: REOPENED → NEW
Version: 73 Branch → 74 Branch
Version: 74 Branch → 76 Branch
Version: 76 Branch → 77 Branch
Version: 77 Branch → 78 Branch

Updating the affected versions is not a useful change. This behavior can be seen on trunk.

Version: 78 Branch → Trunk
Depends on: 1320796
Depends on: 1789789
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.