June 13, 2008 5:55 AM PDT

Firefox 3 won't have 'private browsing'

Correction at 7:50 a.m. PDT: The spelling of Johnathan Nightingale has been fixed.

At least one security feature won't make it into the final release of Firefox 3 on June 17, Mozilla confirmed again Thursday.

The feature, Private Browsing, would have disabled all caching, cookie downloads, history records, and form data used during the current session. In essence, you could surf the Web and leave no fingerprints.

"It basically said to the browser: I would like what I'm about to do to not be logged anywhere," said Johnathan Nightingale, Mozilla's "human shield," aka its security user interface designer.

He described the private browsing process as this: you hit a button and everything past that point isn't logged. Then, at some point in the future, you hit the button again and it's as though what you just did never happened.

One possible use might be when someone other than the computer owner uses the browser.

"We looked at ways to do this, but the problem is that it touches a lot of code," Nightingale said. "Because there are such rich interactions with Web sites and mashups and things like that, we didn't want to put in something that was half baked."

You can hear more of my interview with Nightingale on my Security Bites podcast here.

40 comments (Showing first 20 comments)
by bigfeet123 June 13, 2008 7:21 AM PDT
yea right, we believe that. can we say "sold out to big brother"
by Penguinisto June 13, 2008 7:21 AM PDT
Err, make it an add-on? Firefox has literally hundreds (if not thousands) of nice little add-ons that you can get for free - hosted by Mozilla no less. It wouldn't take much to build and distribute a free add-on that allows one-click private browsing (basically it changes your settings to disallow cookies and such without having to make those settings yourself). In other words, I just don't get the hubbub over it. Besides, for perfectly pure browsing, a public proxy or a site like pagewash.com will do the trick of anonymizing far more efficiently and thoroughly.
by trevorbsmith June 13, 2008 7:22 AM PDT
I know what you meant to write, partly because I have enough technical background to know that it's not possible to "surf the web and leave no fingerprints" and partly because I use Safari on a Mac which already has this Private Browsing feature (and has had for some time).

However, your brief story above MIGHT mislead some readers into thinking that the proposed Firefox feature or the current Safari feature can actually allow you to surf the web without leaving "any fingerprints" on other web sites' logs. This is inaccurate. All your web browsing will still be recorded, most likely, it will just be less immediately obvious to the owners of those web sites or to 3rd parties (e.g. law enforcement) that it was you that did the browsing. The log of your visit will still exist, your computer's IP will still be recorded, etc.

This feature does/will eliminate "any fingerprints" of the activity on YOUR computer. It will only LIMIT the identifying information (through temporarily disabling cookies, for example) sent to other web sites.
by bobcode June 13, 2008 7:46 AM PDT
Private Surfing is simply no cookies and history saved on the local computer. The evidence is not on the local computer. Cookies and history are the simplest way to show where someone surfed.
by oh4real June 13, 2008 8:56 AM PDT
Use memcache or similar!

Private Browsing should be very, very easy to implement. User turns on Private caching and browser continues to 'log' everything, cookies/history/files/form fields but caches them in memory. Once instance of browser is closed, memory and cache are gone - no history of visit on computer.

Global Private Browsing: When visitor surfs a site or revisits during same instance of browser, browser gets cookie request from host server, writes cookie, checks form fields, etc. and checks cache instead of hard drive.

Site-specific Private Browsing: When visitor surfs a domain they've designated in prefs as private browsing site, browser only checks/writes to cache.

Yes, this could make memory rather large if user has global private browsing on but that is the user issue and they can always just restart firefox to clear memory and go again.

How does Safari do it? Does it write everything to special folder and overwrite it when session ends?
by celticbrewer June 13, 2008 9:22 AM PDT
FireFox2 (and I'm sure most browsers) under settings and security will let you clear your history, cache, cookies, and more automatically (with or without prompting) when you close the browser. I'd think that'd be good enough for most people. And trevor is right, this would only give privacy from the local computer's stance. Any interactions from your ISP forward can still be logged by IP, sessions, database interactions, etc...
by demon0 June 13, 2008 9:24 AM PDT
There is an add-on for Firefox that accomplishes this already. It's called Stealther and is available through the Mozilla Add-ons site. It makes an entry in the Tools menu, and when you activate it, it disables cookies, history, etc. It works pretty well for my purposes.
by gwilliamp June 13, 2008 9:30 AM PDT
Use a sandbox.

I use the free and excellent Sandboxie. On starting a sandboxed FF session it only takes a few seconds extra for the browser to start. Once I have finished browsing I delete the entire sandbox. ALL logs and cache are GONE.
by oh4real June 13, 2008 10:07 AM PDT
Deleting cookies and cache is not enough - you do that manually for pron sites already. Until the disk space is overwritten, it is still there. That's why memcache is the only real way to do it. Memory is overwritten to empty when application closes.
by rranjan123 June 13, 2008 10:39 AM PDT
Why can't they make private browsing password protected? If someone other than the owner of the computer uses it without prior permission he/she should be asked to enter a password to use private browsing. I agree it should not be at the click of a button but completely getting rid of it is no solution.
by bluewolf815 June 13, 2008 10:43 AM PDT
It already exists in prior versions of Firefox as an add-on under the name "Distrust"
by vorsprung_durch_technik June 13, 2008 10:58 AM PDT
So what is/where do we get "memcache"?
by Jag99 June 13, 2008 11:44 AM PDT
The best Firefox add-on to accomplish this is Distrust. Once you install the add-on an eye-shaped icon appears at the bottom right corner of the browser. Click on it and from that point on everything you do will be tracked by Distrust (including files that you download on desktop etc), surf as much as you like and open new tabs etc, when done, just click on it again and everything will be erased (all new windows will be automatically closed also). You will be left with the page where you initially started from. Below is the link...trust me it is awesome.

https://addons.mozilla.org/en-US/firefox/addon/1559
by vorsprung_durch_technik June 13, 2008 11:56 AM PDT
@Jag99, it doesn't appear to me that the Distrust add-on works on Firefox 3.x, so it is useless to me, alas.
by alleyg June 13, 2008 11:56 AM PDT
"FireFox2 (and I'm sure most browsers) under settings and security will let you clear your history, cache, cookies, and more automatically (with or without prompting) when you close the browser. I'd think that'd be good enough for most people...."

That's fine, if you don't mind losing ALL history and cookie info.
by eglazier June 13, 2008 4:39 PM PDT
First learn how to spell, or at least get rid of the sophomoric title of the blog. Why should an 'expert' act like a child?

D3F3NS3 1N D3PTH indeed
by Jim1921 June 14, 2008 11:46 AM PDT
That is because FF 3's awesome bar utilizes your history and bookmarks to give you suggestions whenever you type in the address bar. Poor decision on Mozilla's part, and quite a security risk for many. BIG MISTAKE Mozilla
by Fil0403 June 14, 2008 12:12 PM PDT
Internet Explorer already has "private browsing": Tools > Internet Options > Browsing History > Delete... > Delete all....
by lynjs June 16, 2008 1:05 PM PDT
Yep, sold out to big brother, big time. It needs to be listed as an add on for those who share computers.
by seybernetx June 17, 2008 1:15 PM PDT
Yeah. They could offer this and a keystroke monitor in one package.

(joke)

(i think)

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.
