439237 - Privacy concern with respect to content-prefs.sqlite file

Status: RESOLVED WORKSFORME

(Firefox :: General, defect)

Description

[Steve England [:stevee]]

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9pre) Gecko/2008060806 Minefield/3.0pre ID:2008060806

This bug represents a minor edge-case privacy issue and so isn't major... but I'd be interested on what peoples' thoughts are.

The content-prefs.sqlite file associates domain names with zoom levels so the zoom level of a domain is persistent across tabs and indeed browsing sessions. By loading this file into an SQLite Database app you are able to see what domains have had a zoom-level set, and so what domains someone has visited.

My concern is that Clear Private Data does not clean this data AND there is no UI for presenting the data held in this file.

- Some data like browsing history, cookies, download history, etc, can be cleared in Clear Private Data. The user's privacy is easily protected.

- Data held in the file permissions.sqlite (for what domains can show popups, set cookies, install add-ons, etc) can NOT be cleared from Clear Private Data, BUT everything held in this file has UI in Firefox where the user can see the data and easily remove it if required. Additionally, this data is only present if a user either explicitly adds it or clicks a button or something.

The exception to these two groups is the zoom level stored in content-prefs.sqlite .. the user only needs to change the zoom level (CTRL++) and the domain name is recorded in the file. There is no way to automatically remove this data, nor to browse the data to see what's stored there.

If the user does want a domain removed from content-prefs.sqlite then they _can_ go to the domain and reset the zoom level back to default (CTRL+0), but this isn't particularly obvious and indeed isn't easy if you want to really protect your privacy.

After visiting a site you wouldn't want someone to know about, you'd have to always remember to reset the zoom level. And if you forgot to do this, but then cleared your history, there'd be every chance you couldn't remember what site it was, you couldn't find the site using your (now empty) history, but you'd have a reference to this domain in your content-prefs.sqlite file, which someone could find if they went looking.

Comment 1

[Reed Loden [:reed]]

Dupe of bug 380852 or bug 407910?

Comment 2

[Steve England [:stevee]]

It's kind of like one of the two bugs in comment 0. I'm quite happy that Clearing Private Data doesn't touch site-specific settings... but the solution to this bug may be to implement some kind of UI or something like all the other site-specific settings have that shows the data that's being stored.

At the moment, there's absolutely no way to see what data's being stored in content-prefs.sqlite from within firefox, unlike the other site-specific data stored in permissions.sqlite.

Comment 3

[zed]

At the very least, can we have the option for site/tab specific zoom exposed somewhere in the gui, if nowhere else then at least in View->Zoom. And whilst we're there, why not include an option to "remember this site's zoom settings" to allow site zoom to be persistent across sessions.

Comment 4

[Khanban]

IMHO, I think this is a breach of browsing privacy. The information in "content-prefs.sqlite" must either be accessible to modify through a gui or be removed via Clearing Private Data. Without these accesses, it is kind of like logging users browsing habit, without them being effectively able to prevent it, unless then delete this file afterwards.

Comment 5

[Steve England [:stevee]]

If bug 407910 gets fixed (currently assigned to a dev) then this bug will get closed.

Comment 6

[Dietrich Ayala (:dietrich)]

bug 407910 has been resolved invalid. can this be closed as well?

Comment 7

[Kevin Brosnan]

Works for me using tools > clear recent history > details > site preferences

Verified using sqlite manager extension that no addresses are stored in content-prefs.sqlite. Additionally re-opening any sites correctly opened them with the default zoom level.