Closed
Bug 331652
Opened 18 years ago
Closed 1 year ago
store hashes instead of site name for sites for which you select "Never Save"
Categories
(Toolkit :: Password Manager, defect, P5)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: vlad, Unassigned)
Details
(Keywords: privacy)
Right now when the user selects "Never For This Site" when prompted to save a password, we end up saving the site name in an easily accessible and hard-to-clear way (do they get cleared by clear private data -> "Saved Passwords"? unclear!). I suggest that we hash the site names and and compare hashes instead; we'd lose the ability to show the user a list of what sites they selected to never save passwords for, but I think just a way to clear or even temporarily suspend the never-save restriction would be good enough.
|
||
Comment 1•18 years ago
|
||
I think the better idea might be to just remove the "Never For This Site" function as part of bug 327047 which will turn the password manager into a non-modal dialog and therefore eliminate the need for an "don't ask me again" style of function.
|
||
Comment 2•18 years ago
|
||
In reply to comment 0: Switching to hashes would require adding a new way to change your mind about "never for this site". What could that UI look like? I'm worried that "fixing" this would create an illusion of privacy: it would still not be too hard for someone to find out what sites you've said "never save password" on, since they could compare the hashes to the hashes of the ten thousand most popular web sites. In reply to comment 1: Users might still want "never for this site" button even if the dialog is replaced by a non-modal interface. (c.f. the option to turn off the yellow bar that notifies you that a popup has been blocked.)
Keywords: privacy
|
||
Updated•16 years ago
|
Component: Satchel → Form Manager
|
||
Updated•16 years ago
|
Component: Form Manager → Password Manager
QA Contact: satchel → password.manager
|
||
Comment 3•15 years ago
|
||
(In reply to comment #2) > I'm worried that "fixing" this would create an illusion of privacy: it would > still not be too hard for someone to find out what sites you've said "never > save password" on, since they could compare the hashes to the hashes of the ten > thousand most popular web sites. Isn't all privacy an illusion? If I may draw an analogy, it would be like closing "privacy" curtains. What you suggest is that it's still possible to walk up to the window and peek in or maybe even us a telescope. However, for the casual observer, everything is blurred enough. A simple hash wouldn't defeat a determined detective, but it prevents a casual peeper from noticing otherwise private information and a nosy sysadmin from grepping for pr0n.
|
||
Updated•8 years ago
|
Priority: -- → P5
|
||
Updated•2 years ago
|
Severity: normal → S3
|
||
Comment 4•1 year ago
|
||
Comment 2 explains it well: user won't be able to revert their decision on the specific site in Settings > Logins and Passwords > Exceptions.
If there is a site user don't want it's name somewhere on disk - use Private Browsing.
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•