Firefox 3 won't have 'private browsing'

Correction at 7:50 a.m. PDT: The spelling of Johnathan Nightingale has been fixed.

At least one security feature won't make it into the final release of Firefox 3 on June 17, Mozilla confirmed again Thursday.

The feature, Private Browsing, would have disabled all caching, cookie downloads, history records, and form data used during the current session. In essence, you could surf the Web and leave no fingerprints.

"It basically said to the browser: I would like what I'm about to do to not be logged anywhere," said Johnathan Nightingale, Mozilla's "human shield," aka its security user interface designer.

He described the private browsing process as this: you hit a button and everything past that point isn't logged. Then, at some point in the future, you hit the button again and it's as though what you just did never happened.

One possible use might be when someone other than the computer owner uses the browser.

"We looked at ways to do this, but the problem is that it touches a lot of code," Nightingale said. "Because there are such rich interactions with Web sites and mashups and things like that, we didn't want to put in something that was half baked."

You can hear more of my interview with Nightingale on my Security Bites podcast here.

[bigfeet123]

yea right, we believe that. can we say "sold out to big brother"

[Penguinisto]

Err, make it an add-on? Firefox has literally hundreds (if not thousands) of nice little add-ons that you can get for free - hosted by Mozilla no less. It wouldn't take much to build and distribute a free add-on that allows one-click private browsing (basically it changes your settings to disallow cookies and such without having to make those settings yourself). In other words, I just don't get the hubbub over it. Besides, for perfectly pure browsing, a public proxy or a site like pagewash.com will do the trick of anonymizing far more efficiently and thoroughly.

[trevorbsmith]

I know what you meant to write, partly because I have enough technical background to know that it's not possible to "surf the web and leave no fingerprints" and partly because I use Safari on a Mac which already has this Private Browsing feature (and has had for some time).

However, your brief story above MIGHT mislead some readers into thinking that the proposed Firefox feature or the current Safari feature can actually allow you to surf the web without leaving "any fingerprints" on other web sites' logs. This is inaccurate. All your web browsing will still be recorded, most likely, it will just be less immediately obvious to the owners of those web sites or to 3rd parties (e.g. law enforcement) that it was you that did the browsing. The log of your visit will still exist, your computer's IP will still be recorded, etc.

This feature does/will eliminate "any fingerprints" of the activity on YOUR computer. It will only LI MIT the identifying information (through temporarily disabling cookies, for example) sent to other web sites.

[bobcode]

Private Surfing is simply no cookies and history saved on the local computer. The evident is not on the local computer. Cookies and history is the simplest way to show where someone surfed.

[oh4real]

Use memcache or similar!

Private Browsing should very, very easy to implement. User turns on Private caching and browser continues to 'log' everything, cookies/history/files/form fields but caches them in memory. Once instance of browser is closed, memory and cache is gone - no history of visit on computer.

Global Private Browsing: When visitor surfs a site or revisits during same instance of browser, browser gets cookie request from host server, writes cookie, checks form fields, etc. and checks cache instead of hard drive.

Site-specific Private Browsing: When visitor surfs a domain they've designated in prefs as private browsing site, browser only checks/writes to cache.

Yes, this could make memory rather large if user has global private browsing on but that is the user issue and they can always just restart firefox to clear memory and go again.

How does Safari do it? Does it write everything to special folder and overwrite it when session ends?

[celticbrewer]

FireFox2 (and I'm sure most prowsers) under settings and security will let you clear your history, cache, cookies, and more automatically (with or without prompting) when you close the browser. I'd think that'd be good enough for most people. And trevor is right, this would only give privacy from the local computer's stance. Any intereactions from your ISP forward can still be logged by IP, sessions, database interactions, etc...

[demon0]

There is an add-on for Firefox that accomplishes this already. It's called Stealther and is available through the Mozilla Add-ons site. It makes an entry in the Tools menu, and when you activate it, it disables cookies, history, etc. It works pretty well for my purposes.

[gwilliamp]

Us a sandbox.

I use the free and excellent Sandboxie. On starting a sandboxed FF session it only takes a few seconds extra for the browser to start. Once I have finished browsing I delete the entire sanadbox. ALL logs and cache are GONE.

[oh4real]

Deleting cookies and cache is not enough - you do that manually for pron sites already. Until the disk space is overwritten, it is still there. That's why memcache is the only real way to do it. Memory is overwritten to empty when application closes.

[rranjan123]

Why can't they make private browsing password protected. If someone other than the owner of the computer uses it without prior permission he/she should be asked to enter a password to use private browsing. I agree it should not be at the click of a button but completely getting rid of it is no solution.

[bluewolf815]

It already exists in prior versions of Firefox as an add-on under the name "Distrust"

[vorsprung_durch_technik]

So what is/where do we get "memcache"?

[Jag99]

The best Firefox add-on to accomplish this is Distrust. Once you install the add-on an eye shaped icon shows appears at the bottom right corner of the browser. Click on it and from that point on everything you do will be tracked by distrust (including files that you download on desktop etc), surf as much as you like and open new tabs etc, when done, just click on it again and everything will be erased (all new windows will be automatically closed also). You will be left with the page where you initially started from. Below is the link...trust me it is awesome.

https://addons.mozilla.org/en-US/firefox/addon/1559

[vorsprung_durch_technik]

@Jag99, it doesn't appear to me that the Distrust add-on works on Firefox 3.x, so it is useless to me, alas.

[alleyg]

?FireFox2 (and I'm sure most prowsers) under settings and security will let you clear your history, cache, cookies, and more automatically (with or without prompting) when you close the browser. I'd think that'd be good enough for most people....?

That's fine, if you don't mind losing ALL history and cookie info.

[eglazier]

first learn how to spell or at least get rid of the sophomoric title of the blog. why should and 'expert' act like a child?

D3F3NS3 1N D3PTH indeed

[Jim1921]

That is because FF 3's awesome bar utilizes you history and bookmarks to give you suggestions whenever you type in the address bar. Poor decision on Mozilla's part, and quite a security risk for many. BIG MISTAKE Mozilla

[Fil0403]

Internet Explorer already has "private browsing": Tools > Internet Options > Browsing History > Delete... > Delete all....

[lynjs]

Yep, sold out to big brother, big time. It needs to be listed as an add on for those who share computers.

[seybernetx]

Yeah. They could offer this and a keystroke monitor in one package.

(joke)

(i think)