Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Firefox Mozilla Privacy News

Firefox 20 Will Finally Fix Private Browsing Mode 186

Posted by Soulskill from the we-know-what-you-use-it-for dept.
darthcamaro writes "Unlike every other major browser vendor, Mozilla today does not allow users to have their private mode browser window open at the same time as a regular browser window. That's now set to change. This is a flaw that has been in Bugzilla since 2008 and has been the subject of heated discussion for years."
This discussion has been archived. No new comments can be posted.

Firefox 20 Will Finally Fix Private Browsing Mode More

Firefox 20 Will Finally Fix Private Browsing Mode

Comments Filter:

  • Finally! (Score:3)

    by c0l0 ( 826165 ) * on Friday November 30, 2012 @07:34PM (#42149713) Homepage

    That's one of the very few features that I'd always wanted Firefox to adopt from Chromium, and now it's actually happening - yay for Firefox 20. Can't be longer than a few weeks any more anyway; now can it? ;p

  • version 20 (Score:2, Funny)

    by Anonymous Coward

    So this feature will show up by Wednesday?

  • But But (Score:5, Funny)

    by fermion ( 181285 ) on Friday November 30, 2012 @07:53PM (#42149947) Homepage Journal
    Chrome is version 23, so Firefix is still lame, and lord help IE stuck at version 10.

    • Thanks for mentioning Chrome's current version number.

      I've got real tired of seeing people here bitch about FF's version number inflation causing them to move over to Chrome... ignoring the fact Chrome has an even higher version number after fewer years of existence compared to FF.

      This basic math failure is quite egregious on an site supposedly for nerds.

    • IE is several times older than Chrome. We only use mature software around here, bro.

  • Why would anyone, ever, browse the web in "public" mode??? Isn't that like saying "Yes, please track me"?

    First thing I do on Firefox is set it to dump all cookies/cache/history/etc/etc every time it closes. 100% on all the time private mode would be just fine, thanks. Unless you *like* big brother watching you.

    • Not everyone is that paranoid. Some people like the convenience of saving cookies and cache across sessions.

      • Re: (Score:2)

        by epyT-R ( 613989 )

        alternatively, you could say "most people aren't aware of the serious negative side effects that come with convenient defaults."

        • Re: (Score:3)

          by tbird81 ( 946205 )

          That's because there are none. Seriously, start taking your schizophrenia meds, because no-one is out to get you. No-one cares what websites you visit. It will not affect your life in any meaningful way.

          • No-one cares what websites you visit. It will not affect your life in any meaningful way.

            If no-one cares where is there a billion dollar tracking industry, and Google spends a lot of effort tracking everything.

            It will not affect your life in any meaningful way, unless you don't get along with your government, get divorced, are a public figure, may become involved in politics, etc, etc, etc.

            Just because no one gives a shit about your masturbation habits in your moms basement, doesn't mean there aren't plenty of people that other groups would love to track.

    • How do you handle logins and passwords to various sites?

    • Re: (Score:2)

      by neminem ( 561346 )

      Because I don't care. Things can track me all they like. I seriously don't care whether they do or not. (Except every once in a blue moon, in which case, I toggle on private mode. Or just log out of google, because that's where most of the major tracking is going on... :p)

    • Or you want usability. Or do you tell me you never use bookmark, history, or anything in your web browsing. Always type every URL per hand?
      Cause thats more or less what it would boil down to be always in privacy mode

      Let me guess, you thing you are a big shot because you have them on your google account...

    • Definately not what most people want -- I certainly would hate that, too.

      If you want it though, it's easy enough to enable: https://support.mozilla.org/en-US/kb/private-browsing-browse-web-without-saving-info#w_how-do-i-always-start-firefox-in-private-browsing [mozilla.org]

  • Does this mean I can (Score:5, Funny)

    by Spy Handler ( 822350 ) on Friday November 30, 2012 @08:02PM (#42150067) Homepage Journal

    post politically correct things (Linux rules and Bush sucks!) to Slashdot while logged in, and at the same time open a Private Browsing window and troll as AC?

  • Multiple Profiles are More Functional (Score:5, Interesting)

    by Jah-Wren Ryel ( 80510 ) on Friday November 30, 2012 @08:12PM (#42150159)

    Firefox has supported multiple simultaneous sessions since at least the 3.x days.

    Use these command-line options:

        -ProfileManager -new-instance

    Then create as many different profiles as you want. They will all have their own history, bookmarks, add-ons, cookies, etc. The only place you have to worry about cross-profile pollution is with plugins like flash that keep state (like flash-cookies) in their own directory rather than under the firefox profile directory.

    I have about 8 different profiles - one for gmail, one for my bank, one for slashdot, one for IMDB, etc and I keep a special "anonymous" profile that is basically a private-mode session, it wipes everything on exit, cookies, disk cache, history, etc. I even use the "User Agent Switcher" add-on so that each profile pretends to be a slightly different version of Firefox to make browser fingerprinting a little bit harder.

    • Javascript profiling will identify your browser even with user agent switcher. You can find out what browser they are using even with a simple DOM tree check. Heck even CSS can be used to find out what Browser you are really using. The agent string is only for convenience.
      Javascript example: http://www.corephp.com/blog/hardcore-javascript-browser-and-computer-fingerprinting/ [corephp.com]
      Paper on different method: http://w2spconf.com/2011/papers/jspriv.pdf [w2spconf.com]
      Old CSS history method, now mitigated : http://ha.ckers.org/w [ckers.org]

      • Yep, I really did mean "a little bit harder" when I wrote it.

        Security is never 100% - on both the attacking and the defending sides. It is always a trade-off between effort and results. I figure the majority of trackers will not go to those extremes to track people because not enough people even go so far as to diddle the user-agent string. It just isn''t worth their time to do it and do it reliably when pay-out is such a small fraction of the total.

    • Re:Multiple Profiles are More Functional (Score:5, Informative)

      by girlinatrainingbra ( 2738457 ) on Friday November 30, 2012 @10:20PM (#42151337)
      Look at EFF's Panopticlick website to see the breadcrumbs you're leaving behind. And don't forget that if you're coming in from the same IP address, even with all of those different purported browser-agent strings, it's easy enough to collect those data together and make a profile for that IP address and for the various sites hit at the various times of day. If you've got certain niche websites which you visit, the combination of websites visited could also be seen as a fingerprint also.
      ;>)
      https://panopticlick.eff.org/ [eff.org]

      • it's easy enough to collect those data together and make a profile for that IP address and for the various sites hit at the various times of day.

        And with the depletion of IPv4 addresses, you eventually end up trying to distinguish among 200 unique visitors behind one carrier-grade NAT.

        • re you eventually end up trying to distinguish among 200 unique visitors behind one carrier-grade NAT.
          But that's where the browser fingerprinting as described at https://panopticlick.eff.org/ [eff.org] comes in: even if you have javascript disabled, your browser sends along information about your:
          -- media types accepted
          -- cookies enabled
          -- HTTP-accept headers
          -- and of course, your user-agent
          .
          Even behind noscript, my browsing leaks 17.96 bits of information, according to the EFF panopticlick survey for me. I

          • You don't seem to realize that all those bits of identifying information are a lot less useful when some of them are deliberately polluted.

            So, carrier-grade NAT to mix traffic between multiple different users plus minor variations in fingerprinting information makes it exceptionally difficult to correlate different website accesses with a unique user. The problem has now gone from one that can be reasonably automated to one that is going to require human judgment, so the risk has gone from being caught up

      • Re: (Score:2)

        by tbird81 ( 946205 )

        Oh no! Not the websites I visit! People will realise that I post on Slashdot!

    • Re: (Score:2)

      by grumbel ( 592662 )

      Firefox has supported multiple simultaneous sessions since at least the 3.x days.

      They don't work properly in Ubuntu. Do a "firefox -P myprofile" while you have another profile running and Firefox will open a new Window with profile that was already running, not the one you gave on the command line. It's pretty badly broken and nobody seems to care.

      • Re: (Score:2)

        by vsync64 ( 155958 )
        You need to do -a blargle to get it to avoid just sending a request to the running session. I'd say the behavior isn't ideal but this is at least a workaround that lets me have multiple profiles running for dev/test/browsing.

        • Re: (Score:2)

          by grumbel ( 592662 )

          The -a option right now is:

                      -a or --debugger-args Specify arguments for debugger

          And doesn't seem to have any effect for me. If I remember correctly, -a used to be to select the running process instance in the past, but even back then it never worked for me either. The relevant bug report [launchpad.net] from 2006 about the profile mess.

        • Re: (Score:2)

          by doom ( 14564 )

          I do this on ubuntu, and it seems to work:
          firefox -no-remote --ProfileManager

          It's useful for me because I like to use non-standard color settings, but there are sites that are unusable if you don't let them set their own colors. (It'd be nice if there were a better solution, but switching profiles as necessary is what I've been living with.)

      • Why aren't you using the -new-instance argument? It worked for me under ubuntu before I switched to Mint where it continues to work.

        • Re: (Score:2)

          by grumbel ( 592662 )

          That's essentially the same as "-no-remote" and just gives a error message if an instance is already running:

          "Firefox is already running, but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system."

          If you are wondering why I am not simply opening a new window via the GUI if an instance is already running: Sometimes the last window left of the instance will be a download window and the download window doesn't give you an option to open a new window.

          • The best I can understand you have now defined two different scenarios:

            1) Open a new firefox instance when there is no running instance with that specific profile
            2) Open a new firefox window when there is already a running instance with that specific profile

            These works for me on mint, I don't see why it wouldn't work on Ubuntu or any other platform:

            1) firefox -P foo -new-instance
            2) firefox -P foo -remote 'OpenUrl(about:blank,new-window)'

  • It only took 4 years? (Score:5, Insightful)

    by Arker ( 91948 ) on Friday November 30, 2012 @08:34PM (#42150399) Homepage
    For firefox this is actually pretty good. My personal favorite bug [mozilla.org] is still plaguing users of FF over 11 years after being reported.

    • Not sure exactly how one would fix this. Either the plugin handles keys, or the browser does.

      • Re: (Score:2)

        by Arker ( 91948 )
        The browser should always get the input first, and only pass it to the plugin after examining it and if appropriate.

  • Window Drag Handle (Score:4, Interesting)

    by darkain ( 749283 ) on Friday November 30, 2012 @09:05PM (#42150745) Homepage

    I'm still waiting for the window drag handle to be the entire "glass" area at the top, and not just the top X% of it. Ever since Windows Vista/7, Microsoft has made it a defacto standard that any part of a window that is "glass" is a drag handle, and Chrome does this nicely. It is very annoying to not have a visual indicator of where the drag handle starts/stops, and more annoying to have that empty glass space become more or less "useless" if the browser isn't full of a million tabs.

  • There is a feature that I very much like in Firefox: if you have ordinary horizontal tab bar and you open a lot of tabs, it makes the tab strip scrollable, instead of squeezing the tabs smaller and smaller. With all other browsers you just end up with tiny tabs which text you can't read, which is horrible.
  • When browsing in private mode, if you then switch back to normal, when you close Firefox and as the tabs shut down, you usually get one of the supposedly private pages flash up briefly. Clearly not all buffers are cleared when exiting privacy mode.

Slashdot Top Deals

"Protozoa are small, and bacteria are small, but viruses are smaller than the both put together."

Close