Security/Automatic Private Browsing Upgrades: Difference between revisions

Security/Automatic Private Browsing Upgrades (view source)

Revision as of 06:18, 26 August 2015

866 bytes added , 26 August 2015

add security / privacy considerations and mitigations

Fmarier

Confirmed users

908

edits

@@ Line 20: / Line 20: @@
     <meta http-equiv="content-security-policy" content="require-private">
   </head>
-=== Note on fingerprinting ===
-This is not meant as a way for a site to probe whether or not the user is in Private Browsing mode. It could be used for that, but using it would cause some pretty major UX disruptions.
 == Triggers ==
@@ Line 56: / Line 52: @@
 * https://rainn.org/
+== Security / Privacy Considerations ==
+* Malware sites could abuse this feature to better hide their traces, by essentially clearing the history after getting the user to download malware.
+* Because all sites in a private browsing session share the same cookie jar, third-party tracking (e.g. Google Analytics) is still possible.
+* If a user is using private browsing to separate Facebook from the rest, a site could defeat that protection by getting itself "upgraded" into private browsing without the user's consent and then share data with Facebook via the Like button.
+* A site could use this mechanism to probe whether or not the user is in Private Browsing mode though it would cause some pretty major UX disruptions.
+=== Mitigations ===
+* Users who regularly investigate malware will have an <tt>about:config</tt> pref to disable this feature entirely.
+* Third-party tracking is reduced by [[Security/Tracking_protection|tracking protection]].
+* [[Security/Contextual_Identity_Project/Private_Session|private sessions]] will isolate private browsing sites from each other.
 == Related ==