Privacy evaluation: places.sql leaves traces of visited URLs

RESOLVED INCOMPLETE

Status

()

--
major
RESOLVED INCOMPLETE
11 years ago
10 years ago

People

(Reporter: andi-moz, Unassigned)

Tracking

({privacy})

1.9.0 Branch
x86
Linux
privacy
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13
Build Identifier: Firefox 3 beta 5 (as shipped with opensuse 11.0b3)

I try to visit my browser to avoid leaving traces of visited URLs for privacy 
reasons.

For that I set the "clear private data" tabs to clear everything on exit and
exit regularly using the close buttong (not killing/crashing)
Also disable the session store in about:config (really should be part of 
the clear privacy tool btw)

After exiting I did a test of "grep -r website-i-visited ~/.mozilla/*"

I found that there are always URLs of the visited urls in places.sql

This is a serious privacy problem. Please fix.

Reproducible: Always

Steps to Reproduce:
1. see details
2.
3.
Actual Results:  
see details

Expected Results:  
...
Version: unspecified → 3.0 Branch

Updated

11 years ago
Component: Security → Storage
Keywords: privacy
Product: Firefox → Toolkit
QA Contact: firefox → storage
Version: 3.0 Branch → 1.9.0 Branch

Comment 1

11 years ago
Do you have a bookmark of the website-i-visited? Bookmarks are not deleted when you use "clear private data", so that may explain this.

This is a bit technical, but another thing you can do to diagnose the issue is to look at the places database to see where website-i-visited is appearing. Just install the sqlite3 command line tool, and then type

$ sqlite3 /path/to/places.sqlite .dump

And then grep the results to see on what table website-i-visited is stored
(Reporter)

Comment 2

11 years ago
No bookmark.

Cannot do the sqlite check right now, but will do later.
We use SQLITE_SECURE_DELETE, so this is either an upstream bug or doesn't exist.  Regardless, haven't heard from the reporter, so INCOMPLETE.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.