Open Bug 446261 Opened 14 years ago Updated 5 months ago

Clear Private Data should also reset last directory saved to

Categories

(Toolkit :: Data Sanitization, enhancement, P5)

x86
Windows Vista
enhancement

People

(Reporter: mladen, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: privacy)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14

When clicking on Clear Private Data and then saving a file, it goes back to the previously saved directory. I think this is a privacy concern.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
Privacy concerns that aren't remotely exploitable don't need to be kept confidential.
Group: security
I can confirm, if you clear your download history it does not reset the directory shown on the save-as dialog to the default download location. I can see the consistency argument for resetting, but I don't really see the privacy argument.

Maybe that's because I view the "clear download history" thing mostly as clutter-control, not a privacy feature -- unless you're actually deleting the files, someone who has the access required to read the download directory could also have found the directory and files themselves by searching on your computer disk.

As a simple test I tried the built-in Windows Search feature on the start menu. Searching for files and documents modified in a single day range, it took no more than a minute or two to find my download directory.

If you're on a shared computer and don't want people to see what you've downloaded you'll have to use separate OS accounts or download to a USB stick you take with you. In either case wiping the directory name doesn't add much to your privacy (but in the USB stick case I can see wiping the filenames).

Unless you can better explain the scenario where privacy matters this bug is probably headed for WONTFIX: we preserve the directory as a convenience because most people like to keep their files together. Of course _most_ most people never change the directory from the default so this bug doesn't affect them either way.
Severity: major → trivial
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: privacy
Well, "Clear Private Data" is a feature which "clears private data". Even the name tells you that it's a privacy feature and not just clutter control. And the last directory saved to is "download history" so the command is not fulfilling its whole purpose.

It's quite similar to clearing the URL history. Those URLs are still public to everyone (like the folders on the computer) but you are clearing the fact that you were there. I might even argue that it's even worse to leave the last saved directory as it's very easy to stumble upon this knowledge even by accident.

Stupid e.g.: A boy is supposed to be doing his homework on the comp but he decides to do some surfing. Afterwards his parents could easily see what he was doing because his last saved directory was "/downloads/gametrailers"
I agree it's pretty trivial, and that unlike things like browsing history, which we control, clearing this is no indication that the information can't be retrieved elsewhere.  Still, I don't know if I'd agree with a WONTFIX here - if we had a patch that did this, we wouldn't take it?  Put another way - if the dialog already did this, would we consider that a bug?  Whether it's effective or not, plenty of people no doubt use "hidden" directories to store their secret stuff, and might be surprised to have it casually exposed after a Clear Private Data pass -- to others who would not likely ever have searched for it intentionally.
Blocks: 1102808
Type: defect → enhancement
Component: Security → Data Sanitization
Priority: -- → P5
Product: Firefox → Toolkit
Severity: trivial → N/A