Open
Bug 1391236
Opened 7 years ago
Updated 2 months ago
Unable to restrict saving entered keystrokes in the places.sqlite file's moz_inputhistory table (privacy issue)
Categories
(Toolkit :: Places, defect, P3)
Tracking
()
NEW
People
(Reporter: zihaf, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: privacy, Whiteboard: [snt-scrubbed][search-privacy])
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Build ID: 20100101
Steps to reproduce:
Enter some letters in the URL bar, then choose something from the suggested bookmarks.
Actual results:
The entered text will end up in places.sqlite and there is no standard way of removing it from there.
Expected results:
I want control, I don't want Firefox act like a keylogger.
Putting aside the privacy issue, I agree that this is a rather useful feature.
So I propose introducing a new configuration option (integer) browser.input_histroy_max_chars with a sane default (i.e. 3) which will restrict inserting a new record in moz_inputhistory table if the input's length is longer than that value.
I think this is a good compromise: When the user presses 1, 2, or 3 keys the suggested records will still be relevant (i.e. most accessed records will be at the top) and not much sensitive data will end up in moz_inputhistroy (as it will be limited by 3 characters).
Setting the value to 0 will effectively disable the moz_inputhistory feature (for privacy-minded users or Tor Browser).
Furthermore, I also suggest to add a new checkbox to purge the data of this table in the "Clear All History" window.
Unrelated, but one more checkbox there to clean the favicons too would even better.
Thank you.
Updated•7 years ago
|
Component: Untriaged → Places
Product: Firefox → Toolkit
Comment 1•7 years ago
|
||
(In reply to zihaf from comment #0)
> So I propose introducing a new configuration option (integer)
> browser.input_histroy_max_chars with a sane default (i.e. 3) which will
> restrict inserting a new record in moz_inputhistory table if the input's
> length is longer than that value.
I agree, and I think it's a good idea.
> Furthermore, I also suggest to add a new checkbox to purge the data of this
> table in the "Clear All History" window.
input history is cleared with history, when a given url is removed from the db, its input history is also removed. Clearing all of history does the same. Though, I suspect we preserve input history for bookmarks, and that's something we could re-evaluate.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P2
Whiteboard: [fxsearch]
Updated•4 years ago
|
Points: --- → 2
Updated•2 years ago
|
Severity: normal → S3
Comment 2•2 years ago
|
||
We could use the new Event telemetry to measure the average (or a percentile) string length when an adaptive result is picked. And then based on that we could get a best guess limit for Adaptive History.
Updated•2 years ago
|
See Also: → https://mozilla-hub.atlassian.net/browse/SNT-407
You need to log in
before you can comment on or make changes to this bug.
Description
•