Closed
Bug 435416
Opened 17 years ago
Closed 17 years ago
Privacy evaluation: places.sql leaves traces of visited URLs
Categories
(Core :: SQLite and Embedded Database Bindings, defect)
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: andi-moz, Unassigned)
Details
(Keywords: privacy)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13
Build Identifier: Firefox 3 beta 5 (as shipped with opensuse 11.0b3)
I try to visit my browser to avoid leaving traces of visited URLs for privacy
reasons.
For that I set the "clear private data" tabs to clear everything on exit and
exit regularly using the close buttong (not killing/crashing)
Also disable the session store in about:config (really should be part of
the clear privacy tool btw)
After exiting I did a test of "grep -r website-i-visited ~/.mozilla/*"
I found that there are always URLs of the visited urls in places.sql
This is a serious privacy problem. Please fix.
Reproducible: Always
Steps to Reproduce:
1. see details
2.
3.
Actual Results:
see details
Expected Results:
...
Updated•17 years ago
|
Version: unspecified → 3.0 Branch
Updated•17 years ago
|
Component: Security → Storage
Keywords: privacy
Product: Firefox → Toolkit
QA Contact: firefox → storage
Version: 3.0 Branch → 1.9.0 Branch
Comment 1•17 years ago
|
||
Do you have a bookmark of the website-i-visited? Bookmarks are not deleted when you use "clear private data", so that may explain this.
This is a bit technical, but another thing you can do to diagnose the issue is to look at the places database to see where website-i-visited is appearing. Just install the sqlite3 command line tool, and then type
$ sqlite3 /path/to/places.sqlite .dump
And then grep the results to see on what table website-i-visited is stored
Reporter | ||
Comment 2•17 years ago
|
||
No bookmark.
Cannot do the sqlite check right now, but will do later.
Comment 3•17 years ago
|
||
We use SQLITE_SECURE_DELETE, so this is either an upstream bug or doesn't exist. Regardless, haven't heard from the reporter, so INCOMPLETE.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → INCOMPLETE
Updated•10 months ago
|
Product: Toolkit → Core
You need to log in
before you can comment on or make changes to this bug.
Description
•