Open Bug 1752229 Opened 2 years ago Updated 2 years ago

Disable (or nerf) some UITour APIs in Private Browsing Windows, to avoid showing a surprising "You're signed in" message in private window at Firefox Accounts website

Categories

(Firefox :: Tours, defect)

Tracking

Tracking Status
firefox-esr91 --- wontfix
firefox97 --- wontfix
firefox98 --- wontfix
firefox99 --- wontfix
firefox100 --- fix-optional

People

(Reporter: dholbert, Unassigned)

References

(Regression)

Details

(Keywords: regression)

Attachments

(1 file)

STR:

  1. In a fresh Firefox profile, visit https://www.mozilla.org/en-US/firefox/accounts/
    --> Notice you get page content that indicates you're not signed in.

  2. Now sign in to Firefox (Sign in in Tools or Hamburger menu), or switch to your regular browsing profile where you are signed in, and visit https://www.mozilla.org/en-US/firefox/accounts/ again.
    --> Notice that you get page content that indicates you are signed in (literally "You're signed in to Firefox").

  3. Now, open a private window (ctrl+shift+p) and visit https://www.mozilla.org/en-US/firefox/accounts/ again.

ACTUAL RESULTS:
Page content that knows that I'm signed in to Firefox.

EXPECTED RESULTS:
Since I'm in a brand-new private window, I would not expect any websites (including mozilla.org) to know any information about me being signed in to anything.

NOTES:
I've been told this differential rendering of https://www.mozilla.org/en-US/firefox/accounts/ is actually using the UITour API, which is whitelisted to only a few Mozilla domains (and the API in question only reports that you are signed in to the browser, and nothing more). So it's unlikely that there's any actual risk / privacy leakage here.

Nonetheless, this gives the appearance of a privacy bug. To a user, the "You're signed in" message here makes it seem like Firefox might be commingling cookies between the regular browsing session and the private browsing session.

We should avoid giving that appearance to avoid needlessly startling users. One way of doing this might be to nerf any login-state-relevant pieces of this API in Private Browsing mode; not sure if that would break anything or if there are any better approaches to addressing this.

Summary: Disable (or nerf) some UITour APIs in Private Browsing Windows → Disable (or nerf) some UITour APIs in Private Browsing Windows, to avoid showing a surprising "You're signed in" message in brand-new private window

Note, there's also the case of Firefox-in-permanent-private-browsing-mode to consider, i.e.
https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history#w_can-i-set-firefox-to-always-use-private-browsing

If we do take action and change UITour APIs for private-browsing-mode, it's worth noting that users in this permanent-private-browsing category would have these APIs always-nerfed.

(I suspect those users also might be surprised to find out that https://www.mozilla.org can tell that they're signed in to Firefox, though, so they may not really be a special case. Though they might be annoyed at repeated "Sign in to Firefox" prompts on our welcome pages, if they are already signed in; but that might just be how you are already used to experiencing the web, if you're a permanent-private-browsing-mode user.)

Summary: Disable (or nerf) some UITour APIs in Private Browsing Windows, to avoid showing a surprising "You're signed in" message in brand-new private window → Disable (or nerf) some UITour APIs in Private Browsing Windows, to avoid showing a surprising "You're signed in" message in private window at Firefox Accounts website

The severity field is not set for this bug.
:Mardak, could you have a look please?

For more information, please visit auto_nag documentation.

Flags: needinfo?(edilee)

Normally UITour permissions are not granted in private browsing windows, except that there was a special exception for mozilla.org from bug 1557153. I don't think that was an intended change, but, like comment 2 says, there could be features that rely on it, especially if we promote more usage of private browsing.

Severity: -- → S2
Flags: needinfo?(edilee)
Regressed by: 1557153

Set release status flags based on info from the regressing bug 1557153

Has Regression Range: --- → yes

We could make the UITour feature that that page is using private-browsing aware? We can determine whether the originating page is in PBM and have that determine the result... though I'm not sure if that would mean that you then could never sign in to Fx in PBM, which would be a problem (especially for permanent private browsing mode).

@Ed, do we think this warrants an S2? Should we lower this to S3/S4?

Flags: needinfo?(edilee)
Severity: S2 → S3
Flags: needinfo?(edilee)