Firefox Private Browsing Windows Are Not Independent

Public Service Announcement: If you have multiple “Private Browsing” windows open in Firefox (41), they all share the same cookies. So if you think you can login to a site multiple times using multiple Private Browsing windows, you’re out of luck with plain Firefox.
More importantly, if you’re logged into Facebook in one PB window, opening a second PB window won’t protect you from being tracked by Facebook.

You can test this on http://www.html-kit.com/tools/cookietester/ by setting a test cookie in one PB window and then visiting the site in a second PB window, where the cookie from the first window will be displayed.

Of course this information leak not only affects cookies (they are just the most obvious piece of information that’s leaked between windows). For example, when running the browser history sniffer at http://zyan.scripts.mit.edu/sniffly/ in one PB window, it also shows sites you’ve visited in other PB windows.

In summary, this is not the kind of behavior I was expecting from a Private Browsing feature. In the end this feature is really just usable to avoid leaving traces on the computer, but doesn’t help to protect your privacy from the sites you visit.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: