Please use "Edit with form" above to edit this page.
Item Reviewed
| Per Window Private Browsing | |
| Target | * https://bugzilla.mozilla.org/show_bug.cgi?id=pbngen |
{{#set:SecReview name=Per Window Private Browsing |SecReview target=* https://bugzilla.mozilla.org/show_bug.cgi?id=pbngen
}}
Introduce the Feature
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
- right now private browsing is all or nothing
- want to enable concurrent private browsing so info does not leak between normal & private sessions
- down side is the global state is lost, there is no global 'private browsing' flag in the new implementation
- you can't keep your windows from before entering private browsing when entering private browsing (for example, watching a video), since entering private browsing mode closes existing windows/tabs and reopens them on exit in the current implementation
- all windows share the same private browsing session (2 different private windows are not in separate sessions). Which is the same as what we have now, but perhaps less understood by the user
What solutions/approaches were considered other than the proposed solution?
- looked at separate profiles, but that did not use existing profile so that things like add-ons and browsing history would disappear in private windows
**ian, I assume it means people in private mode still like to use their saved bookmarks and awesomebar history search, etc.
- also looked at e10s but that project stalled
Why was this solution chosen?
- This solution maintains the users profile and allows a session to enter private mode
- This solution allows entering private browsing mode for one window while maintaining existing windows in non-private browsing mode
Any security threats already considered in the design and why?
- feature does not interact with web content
- Other than allowing private/non-private at the same time functionality remains the same
Threat Brainstorming
' {{#set: SecReview feature goal=* right now private browsing is all or nothing
- want to enable concurrent private browsing so info does not leak between normal & private sessions
- down side is the global state is lost, there is no global 'private browsing' flag in the new implementation
- you can't keep your windows from before entering private browsing when entering private browsing (for example, watching a video), since entering private browsing mode closes existing windows/tabs and reopens them on exit in the current implementation
- all windows share the same private browsing session (2 different private windows are not in separate sessions). Which is the same as what we have now, but perhaps less understood by the user
|SecReview alt solutions=* looked at separate profiles, but that did not use existing profile so that things like add-ons and browsing history would disappear in private windows
**ian, I assume it means people in private mode still like to use their saved bookmarks and awesomebar history search, etc.
- also looked at e10s but that project stalled
|SecReview solution chosen=* This solution maintains the users profile and allows a session to enter private mode
- This solution allows entering private browsing mode for one window while maintaining existing windows in non-private browsing mode
|SecReview threats considered=* feature does not interact with web content
- Other than allowing private/non-private at the same time functionality remains the same
|SecReview threat brainstorming=' }}
Action Items
| Action Item Status | None |
| Release Target | Firefox 13+ |
| Action Items | |
| ' | |
{{#set:|SecReview action item status=None
|Feature version=Firefox 13+ |SecReview action items=` }}