Notifications silently stopped working in permanent private browsing mode even when explicitly allowed
Categories
(Firefox :: Private Browsing, defect, P3)
Tracking
()
People
(Reporter: ke5trel, Unassigned)
References
(Regression)
Details
(Keywords: regression)
Attachments
(1 file)
Notifications allowed and new requests not blocked according to settings
STR:
- Start with
browser.privatebrowsing.autostart = true. - Visit https://www.bennish.net/web-notifications.html.
- Click "Authorize".
Expected:
Permission popup appears, clicking "Allow" grants authorization.
Actual:
No permission request, authorization denied. Existing permissions to allow notifications are not honored. The permissions list indicates that new requests are not blocked.
The regressing bug is intended to disable notifications in private windows but it is unclear if it is also meant to affect permanent private browsing mode. If this is intended, the permissions panel should indicate that notifications are not allowed in this mode.
Regression window:
https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=6bf12c86cf7551ca100a0ea0cfdc17feb5bb487c&tochange=5038cbc4c1b3c1f1c9dde076516ae31f0464d0d5
Regressed by Bug 1843046.
|
||
Updated•1 year ago
|
|
||
Updated•1 year ago
|
|
||
Updated•1 year ago
|
|
|
||
Updated•1 year ago
|
|
||
Comment 1•1 year ago
|
||
:hsingh, since you are the author of the regressor, bug 1843046, could you take a look? Also, could you set the severity field?
For more information, please visit BugBot documentation.
|
||
Comment 2•1 year ago
•
|
||
Our implementation of notifications in Private Browsing wasn't very secure that's why we have temporarily forcibly disabled them. I don't think we would be able to distinguish between private and non-private browsing modes in the notifications permission pane since it's common to both. That's why it has been silently disabled. Maybe we could alter the message in permissions settings to tell users that notifications are temporarily disabled in private browsing and changing any permissions in this pane wouldn't have any effect under private browsing.
|
||
Updated•1 year ago
|
|
|
||
Updated•1 year ago
|
|
||
Comment 3•1 year ago
|
||
Harveer, would you be able to add either me or @pbz to the sec bug 1843046 to see why we disable notification currently? Thanks.
|
|
||
Comment 5•1 year ago
|
||
I cc'd :timhuang and :pbz on the bug. Both of them should have access now.
|
|
||
Updated•1 year ago
|
|
||
Comment 7•1 year ago
|
||
It's a bit disappointing to see this behaviour was changed without any option to overrule it..
It's also a bit hidden in the release notes..
Looking at the 117 release notes it doesn't explicitly mention it; the security fixes does mention:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4580
#CVE-2023-4580: Push notifications saved to disk unencrypted
Description
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information.
References
Bug 1843046
But that doesn't really spell out that notifications are now completely disabled in private mode...
The commit(s) for that bug: https://hg.mozilla.org/mozilla-central/rev/ffeb6d319aa94ad4b179475f0d6420fcfc779470 which clearly disables the notifications in private mode...
For now the only options I have available are:
- stop using notifications (not an option)
- stop using private mode (which would mean more data is potentially saved to disk)
- downgrade to v116
Frankly put: neither option is acceptable to me..
As a minimum I would expect a config option so that I can enable these again (when being fully aware of the consequences).
An alternative (assuming there is no easy fix for bug #1843046) would be to extend the "allow notification dialog" (in private mode) to clearly show the consequence and allow the user to decide...
|
||
Comment 8•1 year ago
|
||
Hi, I would like to clarify that I opened an issue (https://bugzilla.mozilla.org/show_bug.cgi?id=1854336) that duplicates this one, and explaning that it affects Firefox 115 (latest current ESR). In this ticket, it is written "firefox-esr115 --- unaffected" but this is not true.
|
|
||
Comment 9•1 year ago
|
||
Regressing bug got uplifted, so yes.
|
|
||
Comment 10•1 year ago
|
||
(In reply to bram-zbmvyyn from comment #7)
It's a bit disappointing to see this behaviour was changed without any option to overrule it..
It's also a bit hidden in the release notes..
Looking at the 117 release notes it doesn't explicitly mention it; the security fixes does mention:https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4580
#CVE-2023-4580: Push notifications saved to disk unencrypted
Description
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information.
References
Bug 1843046But that doesn't really spell out that notifications are now completely disabled in private mode...
The commit(s) for that bug: https://hg.mozilla.org/mozilla-central/rev/ffeb6d319aa94ad4b179475f0d6420fcfc779470 which clearly disables the notifications in private mode...For now the only options I have available are:
- stop using notifications (not an option)
- stop using private mode (which would mean more data is potentially saved to disk)
- downgrade to v116
Frankly put: neither option is acceptable to me..
As a minimum I would expect a config option so that I can enable these again (when being fully aware of the consequences).
An alternative (assuming there is no easy fix for bug #1843046) would be to extend the "allow notification dialog" (in private mode) to clearly show the consequence and allow the user to decide...
I know this could be frustrating for some users but we have higher standards on security and privacy front. Current implementation of our notifications is not very secure and by offering a toggle to turn on/off notifications could give a wrong impression to users and that's why we pulled it back. But soon, we will start to work on notifications again to properly support and implement this time.
|
|
||
Comment 11•1 year ago
|
||
(In reply to Harveer Singh from comment #10)
I know this could be frustrating for some users but we have higher standards on security and privacy front. Current implementation of our notifications is not very secure and by offering a toggle to turn on/off notifications could give a wrong impression to users and that's why we pulled it back. But soon, we will start to work on notifications again to properly support and implement this time.
Except by pulling it back without any option to enable it again (an advanced option would be fine) you're making it less secure and/or less private since the notifications are essential to me.
So I'm either forced to:
- use an older version which is less secure
- not use private mode which is less private
|
|
||
Comment 12•1 year ago
|
||
I agree with @bram-zbmvyyn, there should be a simple as workaround to allow users to enable notifications despite the security issue. Some people like me has lower standard of security related to privacy, as a matter of fact some uses privacy window just as another session clean of cookies. A configuration like:
insecure_privacy.enable_notification_back = true
some be a self-explanatory toggle, with people who wants high security thinking twice before enabling that.
The only reason not to implement that would be, to my mind, in case the proper fix can be implemented quickly (like in a matter of days or less than a month).
|
|
||
Updated•1 year ago
|
|
|
||
Comment 14•1 year ago
|
||
Seems like chrome also disabled notifications in Incognito mode.
|
|
||
Comment 15•1 year ago
|
||
(In reply to Harveer Singh from comment #14)
Seems like chrome also disabled notifications in Incognito mode.
I confirm notifications is disabled by default in Chromium 120.0.6079.0, but in settings, it is possible to enable them afterwards, see https://stackoverflow.com/questions/44687759/chrome-59-incognito-session-doesnt-expose-allow-for-notification-content-sett. I tried it and it works. There should be the same thing in Firefox.
|
||
Updated•1 year ago
|
|
|
||
Comment 16•1 year ago
|
||
:timhuang anything we can do about the priority here given the user experience?
|
|
||
Comment 17•1 year ago
|
||
We think it makes sense to introduce a pref for users to allow notifications in private browsing sessions as a short-term fix. It's a backlog item for now because this issue is specific to private browsing windows. So, I think the current priority is accurate.
However, we should find a long-term fix that allows supporting notifications in private sessions but does not leak private activities to the disk.
Harveer, do you plan to work on a solution allowing push notifications in private windows, such as encrypting push notifications in disk? Is it on your team's roadmap?
|
|
||
Comment 18•1 year ago
|
||
I will discuss the option of exposing a pref as a temporary workaround. Yes, I think we do have an item in the backlog to encrypt notifications for private sessions.
|
||
Updated•1 year ago
|
|
||
Comment 20•4 months ago
|
||
I forgot all about this bug until I checked just now. I'm on 131.0.3 and this bug seems to be gone.
I think this bug can be closed now in that case?
|
|
||
Comment 21•4 months ago
|
||
(In reply to quickishfm from comment #20)
I forgot all about this bug until I checked just now. I'm on 131.0.3 and this bug seems to be gone.
I think this bug can be closed now in that case?
Oh I am sorry - this is not the bug I raised, which was marked as a duplicate of this.
Description
•