Closed Bug 435416 Opened 17 years ago Closed 17 years ago

Privacy evaluation: places.sql leaves traces of visited URLs

Categories

(Core :: SQLite and Embedded Database Bindings, defect)

1.9.0 Branch
x86
Linux
defect
Not set
major

Tracking

()

RESOLVED INCOMPLETE

People

(Reporter: andi-moz, Unassigned)

Details

(Keywords: privacy)

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13 Build Identifier: Firefox 3 beta 5 (as shipped with opensuse 11.0b3) I try to visit my browser to avoid leaving traces of visited URLs for privacy reasons. For that I set the "clear private data" tabs to clear everything on exit and exit regularly using the close buttong (not killing/crashing) Also disable the session store in about:config (really should be part of the clear privacy tool btw) After exiting I did a test of "grep -r website-i-visited ~/.mozilla/*" I found that there are always URLs of the visited urls in places.sql This is a serious privacy problem. Please fix. Reproducible: Always Steps to Reproduce: 1. see details 2. 3. Actual Results: see details Expected Results: ...
Version: unspecified → 3.0 Branch
Component: Security → Storage
Keywords: privacy
Product: Firefox → Toolkit
QA Contact: firefox → storage
Version: 3.0 Branch → 1.9.0 Branch
Do you have a bookmark of the website-i-visited? Bookmarks are not deleted when you use "clear private data", so that may explain this. This is a bit technical, but another thing you can do to diagnose the issue is to look at the places database to see where website-i-visited is appearing. Just install the sqlite3 command line tool, and then type $ sqlite3 /path/to/places.sqlite .dump And then grep the results to see on what table website-i-visited is stored
No bookmark. Cannot do the sqlite check right now, but will do later.
We use SQLITE_SECURE_DELETE, so this is either an upstream bug or doesn't exist. Regardless, haven't heard from the reporter, so INCOMPLETE.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → INCOMPLETE
Product: Toolkit → Core
You need to log in before you can comment on or make changes to this bug.