Closed Bug 1366318 Opened 8 years ago Closed 4 hours ago

[meta] Prevent websites from detecting private browsing

Categories

(Firefox :: Private Browsing, task, P3)

task

Tracking

()

RESOLVED FIXED

People

(Reporter: 08xjcec48, Unassigned)

References

Details

(Keywords: meta)

Component: Untriaged → Private Browsing
Marking as P3 [meta] tracking bug. As we discover specific vectors for sites to detect PBM we will file bugs under this one.
Priority: -- → P3
Summary: Prevent websites from detecting private browsing → (Private Browsing) [meta] Prevent websites from detecting private browsing
Version: 53 Branch → 57 Branch
Version: 57 Branch → 58 Branch
Version: 58 Branch → 60 Branch
Version: 60 Branch → 61 Branch
Version: 61 Branch → 62 Branch
Keywords: meta
Version: 62 Branch → 64 Branch
Version: 64 Branch → 65 Branch
Version: 65 Branch → 66 Branch
Type: defect → task
Version: 66 Branch → 67 Branch
Version: 67 Branch → 68 Branch
Status: UNCONFIRMED → NEW
Ever confirmed: true
Version: 68 Branch → 69 Branch
Version: 69 Branch → 70 Branch
Version: 70 Branch → 72 Branch
Version: 72 Branch → 73 Branch
Status: REOPENED → NEW
Version: 73 Branch → 74 Branch
Version: 74 Branch → 76 Branch
Version: 76 Branch → 77 Branch
Version: 77 Branch → 78 Branch

Updating the affected versions is not a useful change. This behavior can be seen on trunk.

Version: 78 Branch → Trunk
Depends on: 1320796
Depends on: 1789789
Severity: normal → S3
Depends on: 1827355
Depends on: 1826350
Depends on: 1959535
No longer depends on: 1320796

FYI: OPFS/File System API is not available in PB windows

  • e.g. promising navigator.storage.getDirectory() will throw a SecurityError
  • this does not happen in Incognito Windows on chrome

I'll leave it up to you guys if you want (or have plans) to pursue this.

Andrew, please see #c13. If appropriate, file a new issue and mark it as a dependency of this meta bug.

Flags: needinfo?(bugmail)

Sorry for the noise: this may be out of scope: but there is also GPC which is default disabled (but has a UI setting) but enforced in PB windows. Opt-in doesn't work (only a tiny percentage of users will change the setting), so whilst not 100% accurate, scripts won't care if they seek to punish PB window users. Without getting into why it's not default enabled everywhere - perhaps it can also be enabled with ETP Strict since that implies the user opted in (which is the case with DNT) in e.g. see Bug 1912841 if you want to pursue this. Personally, I think the two signals should be aligned at a minimum - at best, GPC default enabled for all (I still don't fully know why this isn't the case - e.g. Brave does this)

I'm going to close this because there haven't been any replies to the latest comments, and the actual examples we had were addressed by Bug 1639542 and Bug 1959535.

If you come across any website that still prevents Firefox users from accessing it in private windows, please submit a new bug report.

Status: NEW → RESOLVED
Closed: 5 years ago4 hours ago
No longer depends on: 781982, 1789789, 1826350, 1827355
Flags: needinfo?(bugmail)
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.