Closed Bug 385741 Opened 15 years ago Closed 13 years ago

Want to be able to exclude sites from form autofill

Categories

(Toolkit :: Form Manager, enhancement)

1.9.0 Branch
x86
All
enhancement
Not set
normal

Tracking

()

RESOLVED WONTFIX

People

(Reporter: krojew, Unassigned)

References

Details

(Keywords: privacy)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4

There should be and exception list for autofill. While this feature is very useful, in some case it should be disabled, ie. online bank sites. If I enter my bank account login it will be visible for everyone who tries to log in from the same PC. Although my password will not be stored, my login will be made public for every user.
An exception list would solve this problem and help maintain privacy.

Reproducible: Always

Steps to Reproduce:
1. Enter important login in any login site.
Actual Results:  
Autofill feature shows the private login information.

Expected Results:  
Exception lists blocks autofill.
Summary: Autofill should have a list o fexceptions → Autofill should have a list of exceptions
Kamil, if privacy is a problem, you can use the master password. See http://kb.mozillazine.org/Master_password
I've turned on master password and it does not block autofill feature. My login is still visible after typing the first character.
What kind of exception list do you want?  A list of banking sites?  A list of field name attributes?  A list of field label texts?
A simple editable list of sites for which autofill would be disabled. Just like the one for blocking cookies.
Keywords: privacy
Summary: Autofill should have a list of exceptions → Want to be able to exclude sites from form autofill
Version: unspecified → 2.0 Branch
valid enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
Duplicate of this bug: 395693
Duplicate of this bug: 296551
See also bug 252486, "Option to disable form manager (saved form information) for secure websites (https)".
This is a very valid concern.  But what's to prevent someone else from editing the whitelist after you leave?  Then the next time you use it, you think you are protected, but you may not be.  Would it not be preferable to require the user to disable or dump the information each time?
On second thought, we already have the ability to dump the information.  It's called "Clear Private Data".

The whitelist would have the benefit of not exposing sensitive information to the casual user.  On the other hand, I'm not sure it would foil real thieves.  Is it your contention that it's useful to foil people who might be tempted by being exposed accidentally to sensitive information?
Well, my personal thought (now) is that this item could be resolved in a few ways:

1. Look for some critical information (such as credit card numbers, which can be calculated / validated using the Luhn algorithm -- http://en.wikipedia.org/wiki/Luhn_algorithm), and then completely blacklist the page if critical data is found.
2. Look for session only page information. If the item is 'protected' by a session cookie (which my online bank's information is), don't save the form information.
3. Whitelist / blacklist with prompt, which is sort of what happens currently and isn't 100% foolproof / idiotproof if someone's trying to grab your info. This is particularly critical on machines which are 'kiosks', and this problem parallels the great 'Save Session Restore' debate.
Duplicate of this bug: 318839
Product: Firefox → Toolkit
For client pages (login https or otherwise) under development, I use various logins that I want Firefox to remember, but not my personal pages.

1) Add feature: Auto-complete Exception List of urls & *domains*. Allow wildcards.
2) Add Option tab/section/dialog: Edit Auto-complete Exception List.
3) Add option on master password entry dialog: "Protect Auto-Complete entries".
Make it so if master password is turned on and this option is checked, all urls/domains and auto-complete entries get encrypted using the master password and any changes to the Auto-complete Exception List require the master password.
4) Put options on context menu: 
       "Disable Auto-Complete For This Form"
       "Disable Auto-Complete For This Domain"
OS: Windows Vista → All
Version: 1.8 Branch → 1.9.0 Branch
I don't think this is worth the complexity, and the vast majority of users won't want to micromanage form history this way.

Usernames are typically not considered sensitive data. If banking sites want to control that, they can usethe autocomplete=off attribute to prevent form manager from saving this data.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
I agree with you. The complexity is an issue. However, the users need a mechanism whereby you can feel safe logging into a public machine, or even on your home machine and not leave credit card or other account numbers in the form history.

If a banking site creator did not have the knowledge enough to set autocomplete=off, a user would have to complete a session, return to the login screen, and manually delete the form history for the account number field to be sure he/she wasn't leaving sensitive info for the next user of the computer.

I speak from personal experience because my local bank's online banking site does not set autocomplete=off. I don't want to turn off all form history, but every time I return to their site, there's my account number in the form history!!
(In reply to comment #15)
Sean, don't do banking from public computers.  You should assume that all such computers are under someone else's control, and for safety, assume it's riddled with key loggers and other spyware.  So just don't do it.  The only relatively safe way would be to boot from a Linux live CD or USB drive, so you are not using the local hard drive.  Assume you are being observed.

But if you like betting your bank account and are going to do it anyway, you can and should clear your private data.  That deletes your data from any version of Firefox.  Starting with version 3.5 you have Private Browsing mode.

Notice that this bug is closed, and it's unlikely to be reopened.
(In reply to comment #16)

Actually, while I don't do banking from public computers (sorry to muddy the conversational waters with that), I don't feel comfortable leaving account numbers, etc. on my home computer in the form history for a hacker to grab it my machine gets taken over.
At this moment there is no way to disable autofill other than relying on web creators top use autocomplete=off. In my opinion this is a security issue. Login information such as bank account (or any other sensitive data), should be known only to the owner. Right now it's the choice between leaving this kind of data public or clearing everything.
Assuming someone logs into his bank account frequently and is concerned with privacy, he needs to clear the form history very often. That makes form history feature completely useless. A user has to decide if he wants to benefit form autofill or maintain privacy. I think that is NOT a good situation.
(In reply to comment #18)
> At this moment there is no way to disable autofill other than relying on web
> creators top use autocomplete=off. In my opinion this is a security issue.  >...A user has to decide if he wants to benefit form
autofill or maintain privacy.


For the average user it probably is indeed a security issue.  And since it works for some Web sites but not others, even sophisticated users may come to develop a false reliance on it.  Even Beltzner was unaware of the protocol (bug 252486, comment 10).

There are two other bugs to disable autocompletion.  Bug 190700 would disable it for all https sites.  It's WONTFIXed, I think because the "autocomplete" attribute is a Web standard (unfortunately?).  Bug 252486 makes it a user option for all https sites; that one is still open but stalled.  This bug would give you a white list.

For users who are aware of the problem, there are two new options, "Start Private Browsing" and "Clear Recent History".  That may be all you will get, alas.
You need to log in before you can comment on or make changes to this bug.