Browser Wars 2.0: Firefox scrambles to add ‘private mode’ browsing
At Black Hat last month, when I spoke to Mozilla security chief Window Snyder, she made it clear that Private Browsing would not make it into the next revision of Firefox.
Today, the open-source group all but announced that the privacy feature, which puts the browser into a temporary state where no information about the user’s browsing session is stored locally, will definitely make it into Firefox 3.1 due sometime next month.
Why the sudden time line change? Welcome to Browser War 2.0.
[ SEE: Talking Firefox security with Mozilla’s Window Snyder ]
During our Black Hat conversation, Snyder stressed that Mozilla wanted to implement the feature in a way that offered true private mode instead of simply clearing the browser cache or removing temporary internet files. “We could implement private browsing in some fashion right now but, to do it properly, we will need to do some complex re-architecting,” Snyder explained.
Now, it appears that the buzz around Google Chrome and Internet Explorer 8 shipping with privacy-mode features has forced Mozilla to rush out its own implementation just to keep pace with competitors. Apple also a “private browsing” feature in its Safari browser.
[ SEE: Google Chrome, the security tidbits ]
Mozilla has thinking about Private Mode for a long time but software engineers have struggled to determine exactly how to offer real privacy to end users. Based on the back-and-forth in Bug 248970, it looks like Firefox 3.1 will:
- Discard all cookies acquired during the private session.
- Not record sites visited to the browser’s history.
- Not autofill passwords, and not prompt the user to save passwords.
- Remove all downloads done during the session from the browser’s download manager.
[ SEE: Microsoft confirms ‘InPrivate’ IE 8 ]
According to the Current Status page, this implementation makes the following components aware of the private browsing mode by preventing them from writing anything to disk in this mode:
- Cache service
- Cookies service
- Permissions manager
- SSL Certificate exception manager
- History service
- Form/Search bar auto-complete history manager
- Download manager
- Login manager
- Content-specific preferences manager
- Session restore service
- Error console service
Post a Comment