Closed Bug 1815042 Opened 3 years ago Closed 3 years ago

Permanent private browsing mode leaks information to private storage from partitioning

Categories

(Core :: Privacy: Anti-Tracking, defect)

Firefox 109
defect

RESOLVED DUPLICATE of bug 1814733

People

(Reporter: sworddragon2, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0

Steps to reproduce:

  1. In about:preferences#privacy configure Firefox to never store any history (to enable permanent private browsing mode).
  2. Since this seems to be related to partitioning it might be needed to isolate cookies in about:preferences#privacy under custom tracking protection.
  3. Go to https://itch.io/ and hover over the embedded YouTube video.

Actual results:

In the Firefox profile under \storage\default the directory https+++www.youtube.com^privateBrowsingId=1&partitionKey=%28https%2Citch.io%29 with some content in it is created.

Expected results:

Private storage should not have been touched as the above case reveals that the user visited https://itch.io/ and saw some YouTube content on it.

Additional information:

For a long time under about:preferences#privacy I noticed that over days/weeks the cache grows slowly about a few MiB in this timespan. I was never bothered about this since I thought this might be caused from some internal stuff Firefox might do - but maybe it is just from this leak (or both). I'm quite curious if sites could also use this to re-identify the user if he restarts Firefox.
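A way to check a profile for the on-disk residue described in this report, added here as an example that is not part of the original report or of Firefox's code: it walks `storage/default`, picks out origin directories whose suffix carries a non-zero `privateBrowsingId`, and decodes the `partitionKey` that names the top-level site. The `+++` to `://` mapping is an assumption inferred from the directory name quoted above, and the sample profile (including the `ls/data.sqlite` file) is constructed.

```python
import tempfile
from pathlib import Path
from urllib.parse import parse_qs

def parse_origin_dir(name):
    """Split a storage directory name into (origin, attributes dict)."""
    base, _, suffix = name.partition("^")
    # Assumption from the reported name: "://" is stored as "+++".
    origin = base.replace("+++", "://", 1)
    # The suffix is a percent-encoded key=value list joined with "&".
    attrs = {k: v[0] for k, v in parse_qs(suffix).items()}
    return origin, attrs

def find_private_leftovers(profile_dir):
    """Return origin directories tagged as private browsing, with on-disk size."""
    findings = []
    root = Path(profile_dir) / "storage" / "default"
    if not root.is_dir():
        return findings
    for entry in sorted(root.iterdir()):
        if not entry.is_dir():
            continue
        origin, attrs = parse_origin_dir(entry.name)
        if attrs.get("privateBrowsingId", "0") == "0":
            continue  # normal-mode storage, expected to persist
        files = [p for p in entry.rglob("*") if p.is_file()]
        findings.append({
            "origin": origin,
            "partition_key": attrs.get("partitionKey"),
            "files": len(files),
            "bytes": sum(p.stat().st_size for p in files),
        })
    return findings

def build_sample_profile():
    """Constructed sample profile mirroring the directory from the report."""
    default = Path(tempfile.mkdtemp()) / "storage" / "default"
    leaked = default / ("https+++www.youtube.com^privateBrowsingId=1"
                        "&partitionKey=%28https%2Citch.io%29")
    (leaked / "ls").mkdir(parents=True)
    (leaked / "ls" / "data.sqlite").write_bytes(b"x" * 128)  # constructed file
    (default / "https+++example.org").mkdir()  # constructed normal-mode origin
    return default.parent.parent

if __name__ == "__main__":
    for finding in find_private_leftovers(build_sample_profile()):
        print(finding)
```

Pointing `find_private_leftovers` at a real profile directory after closing Firefox lists any private-browsing origins that survived on disk, together with the site they were embedded in.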

The Bugbug bot thinks this bug should belong to the 'Core::Privacy: Anti-Tracking' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Privacy: Anti-Tracking
Product: Firefox → Core

Andrew, could this be related to the previous service worker's issues in PBM?

Flags: needinfo?(bugmail)

See referenced bug.

Depends on: CVE-2023-25750
Flags: needinfo?(bugmail)
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Duplicate of bug: CVE-2023-25750
Resolution: --- → DUPLICATE
Group: core-security → dom-core-security
Group: dom-core-security
No longer depends on: CVE-2023-25750