Archive for November, 2015

Firefox Private Browsing Windows Are Not Independent

November 11, 2015

Public Service Announcement: If you have multiple “Private Browsing” windows open in Firefox (41), they all share the same cookies. So if you think you can login to a site multiple times using multiple Private Browsing windows, you’re out of luck with plain Firefox.
More importantly, if you’re logged into Facebook in one PB window, opening a second PB window won’t protect you from being tracked by Facebook.

You can test this on http://www.html-kit.com/tools/cookietester/ by setting a test cookie in one PB window and then visiting the site in a second PB window, where the cookie from the first window will be displayed.

Of course this information leak not only affects cookies (they are just the most obvious piece of information that’s leaked between windows). For example, when running the browser history sniffer at http://zyan.scripts.mit.edu/sniffly/ in one PB window, it also shows sites you’ve visited in other PB windows.

In summary, this is not the kind of behavior I was expecting from a Private Browsing feature. In the end this feature is really just usable to avoid leaving traces on the computer, but doesn’t help to protect your privacy from the sites you visit.

Advertisements