Browser Wars 2.0: Firefox scrambles to add 'private mode' browsing
Today, the open-source group all but announced that the privacy feature, which puts the browser into a temporary state where no information about the user's browsing session is stored locally, will definitely make it into Firefox 3.1 due sometime next month.
Why the sudden time line change? Welcome to Browser War 2.0.
[ SEE: Talking Firefox security with Mozilla’s Window Snyder ]
During our Black Hat conversation, Snyder stressed that Mozilla wanted to implement the feature in a way that offered true private mode instead of simply clearing the browser cache or removing temporary internet files. "We could implement private browsing in some fashion right now but, to do it properly, we will need to do some complex re-architecting," Snyder explained.
[ SEE: Google Chrome, the security tidbits ]
Mozilla has thinking about Private Mode for a long time but software engineers have struggled to determine exactly how to offer real privacy to end users. Based on the back-and-forth in Bug 248970, it looks like Firefox 3.1 will:
- Discard all cookies acquired during the private session.
- Not record sites visited to the browser's history.
- Not autofill passwords, and not prompt the user to save passwords.
- Remove all downloads done during the session from the browser's download manager.
[ SEE: Microsoft confirms 'InPrivate' IE 8 ]
According to the Current Status page, this implementation makes the following components aware of the private browsing mode by preventing them from writing anything to disk in this mode:
- Cache service
- Cookies service
- Permissions manager
- SSL Certificate exception manager
- History service
- Form/Search bar auto-complete history manager
- Download manager
- Login manager
- Content-specific preferences manager
- Session restore service
- Error console service