Open Bug 1391236 Opened 7 years ago Updated 2 months ago

Unable to restrict saving entered keystrokes in the places.sqlite file's moz_inputhistory table (privacy issue)

Categories

(Toolkit :: Places, defect, P3)

Product:
Toolkit
Component:
Places
Version:
55 Branch
Type:
defect
Points:
2

Tracking

()

People

(Reporter: zihaf, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: privacy, Whiteboard: [snt-scrubbed][search-privacy])

User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0 Build ID: 20100101 Steps to reproduce: Enter some letters in the URL bar, then choose something from the suggested bookmarks. Actual results: The entered text will end up in places.sqlite and there is no standard way of removing it from there. Expected results: I want control, I don't want Firefox act like a keylogger. Putting aside the privacy issue, I agree that this is a rather useful feature. So I propose introducing a new configuration option (integer) browser.input_histroy_max_chars with a sane default (i.e. 3) which will restrict inserting a new record in moz_inputhistory table if the input's length is longer than that value. I think this is a good compromise: When the user presses 1, 2, or 3 keys the suggested records will still be relevant (i.e. most accessed records will be at the top) and not much sensitive data will end up in moz_inputhistroy (as it will be limited by 3 characters). Setting the value to 0 will effectively disable the moz_inputhistory feature (for privacy-minded users or Tor Browser). Furthermore, I also suggest to add a new checkbox to purge the data of this table in the "Clear All History" window. Unrelated, but one more checkbox there to clean the favicons too would even better. Thank you.
Component: Untriaged → Places
Product: Firefox → Toolkit
(In reply to zihaf from comment #0) > So I propose introducing a new configuration option (integer) > browser.input_histroy_max_chars with a sane default (i.e. 3) which will > restrict inserting a new record in moz_inputhistory table if the input's > length is longer than that value. I agree, and I think it's a good idea. > Furthermore, I also suggest to add a new checkbox to purge the data of this > table in the "Clear All History" window. input history is cleared with history, when a given url is removed from the db, its input history is also removed. Clearing all of history does the same. Though, I suspect we preserve input history for bookmarks, and that's something we could re-evaluate.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P2
Whiteboard: [fxsearch]
Keywords: privacy
Blocks: 1562823
Points: --- → 2
Severity: normal → S3

We could use the new Event telemetry to measure the average (or a percentile) string length when an adaptive result is picked. And then based on that we could get a best guess limit for Adaptive History.

Depends on: 1804558
Priority: P2 → P3
Whiteboard: [fxsearch] → [snt-scrubbed][search-privacy]
You need to log in before you can comment on or make changes to this bug.