Open Bug 1551280 Opened 5 years ago Updated 4 months ago

All private windows are using the same privateBrowsingId, sharing cookies and other site data

Categories

(Firefox :: Private Browsing, defect, P3)

Product:
Firefox
Component:
Private Browsing
Version:
66 Branch
Type:
defect

Tracking

()

People

(Reporter: empo_vit, Unassigned)

References

(Depends on 1 open bug)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0

Steps to reproduce:

  1. Open a new private window.
  2. Log in to a website (e.g. gmail).
  3. Open another private window, either from the regular window or from the previously opened private one.

Actual results:

You are logged in into the website in the new private window. Moreover, if you log in in the last open private window and then switch to a previously opened private window - you will be recognized in that window too!

Expected results:

I expect not to be recognized / tracked across private windows.

Well, this seems like expected behavior :( How confusing though - I can have multiple private windows, but all of them are bound to the same session. So all but the first one aren't actually "private". Sorry for bothering the community about it (I did search the KB before opening the bug, honest!).

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID

This is better off not being a hidden bug.

Group: firefox-core-security
Component: Untriaged → Private Browsing

Baku, I know we talked about this recently, do we have a bug for de-duplicating private browsing OAs so that each window gets its own? If so, we could dupe this one. Otherwise we might want to re-open it.

Flags: needinfo?(amarchesini)

We don't have an existing bug. We can reopen this one.

Status: RESOLVED → REOPENED
Ever confirmed: true
Flags: needinfo?(amarchesini)
Resolution: INVALID → ---
Status: REOPENED → NEW
Summary: Identity recognized across private windows → All private windows are using the same privateBrowsingId, sharing cookies and other site data

The priority flag is not set for this bug.
:groovecoder, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(lcrouch)
Flags: needinfo?(lcrouch)
Priority: -- → P3

I expect not to be recognized / tracked across private windows.

Safari users also expect the same. There, every private tab is isolated. https://bugzilla.mozilla.org/show_bug.cgi?id=1694026
Window level isolation is also acceptable (to me personally ofc).

Severity: normal → S3
Assignee: nobody → amadan
Depends on: 1870709
Assignee: amadan → nobody
You need to log in before you can comment on or make changes to this bug.