User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:220.127.116.11) Gecko/20091102 Firefox/3.5.5 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:18.104.22.168) Gecko/20091102 Firefox/3.5.5 The privacy setting of a collection is controlled by an option of "Who can view your collection?". However this option has implementation faults and is broken by design. This is the scenario. Day 1, it's a public collection when you create it. Day 2, you decide it should be private and you change the status of the collection into private. A user will expect, judging from the description of the privacy option, the collection is no longer public now so any personal or private information, if any, written in the collection is safe. Nevertheless some anonymous visitors may have visited your collection on Day 1. They may have bookmarked your link, share the link in blogs, forums, newsgroups etc. Change in privacy status doesn't help in this issue. Search crawlers may have indexed your collection on Day 1 too. Change in privacy status doesn't help in this issue either. This is a major design flaw which gives users a false sense of security and privacy. Fundamental mistakes have been made on the implementation of the private collection system. This is only one of the problems caused by the incompleteness of the protection. There are other ways, problems and bugs which will cause a private collection to be *not* private. Some may not be very clear how exactly it happens (I only got a rough idea). I'll do more testing and research on it and file other bugs later. Reproducible: Always
I don't understand why it's marked as duplicate. Yes that bug is somehow related but they are not really identical. Bug Writing Guidelines says we should **strictly report one bug per ticket**. Don't group similar bugs together. This is a bug about the design flaw of private collection. A user expects its collection becomes private when: (1) it marks the collection as private at start (2) he changes his mind later and change this collection from public to private However the collection won't be private in neither Case 1 nor Case 2 because of how private collection actually works. But search engine is only part of the problem. It isn't the whole of the problem. Bug 507317 is about collection being exposed in addons.mozilla.org because of some bugs found in the website, leading to private collection being indexed/cached. The problem is not caused by the reasons indicated by Bug 507317. All comments in Bug 507317 are not really relevant to this one either. Don't group similar bugs together please. It's hard to keep track of it.