I think we are looking over the obvious. Submit a bug to FireFox and say that we want it to alert us before going into Private Browsing mode. Make it an option, even if forced from a command line app. Then everyone is happy.
--- On Tue, 7/12/11, Matthew Toseland <toad at amphibian.dyndns.org> wrote: From: Matthew Toseland <t...@amphibian.dyndns.org> Subject: Re: [freenet-dev] Firefox privacy mode destroys existing windows - how the **** can we deal with this? was Fwd: [Freenet 0005209]: Freenet forces firefox into private browsing mode To: devl at freenetproject.org Date: Tuesday, July 12, 2011, 11:30 AM On Monday 11 Jul 2011 21:46:10 Matthew Toseland wrote: > It looks like the original justification for this is somewhat less now, since > Firefox 4 and later *mostly* fix the CSS history leak. They don't eliminate > all possibilities, there are some options if you know what url you are > looking for, but probing hundreds of editions via javascript or image loading > doesn't work. > > Having said that, it does make sense to launch the browser in privacy mode if > possible. E.g. to prevent history being written at all. > > Going to privacy mode manually saves all tabs, and they can be got back by > manually exiting privacy mode or restarting the browser. > > Also, firefox -privacy <url> for me on ff5 on windows just opens another tab, > without using privacy mode. Much the same as (some older versions of?) > Chrome. The bug reporter was using 3.6. > > All this changes things somewhat. See the bug: > https://bugs.freenetproject.org/view.php?id=5209 > Given that: 1) -private doesn't work anyway on FF5 if there are other tabs, it just ignores it, like Chrome used to, and 2) It does clobber the other tags in ff3.6 (according to the bug reporter, we should test this), and 3) The CSS history leak doesn't happen with ff4+ (or is very hard to exploit at least), and 4) We would like to use privacy or incognito mode nonetheless as it should result in the browser being more careful, and in particular it won't record history ... The easiest solution would appear to be to not use -private with ff3.6+. Maybe we should test it with 3.6, 4 and 5 - if on 4 and 5 it merely ignores the private flag, that's at least not destructive, we could only use it on 4+??? Another option is to have a checkbox in the installer. BOTH OF THESE SOLUTIONS SUCK! So we're back to where we started. :( Telling them to use Chrome sucks too. It's not widely available on linux yet, and it's not clear whether it has the CSS history fix. Are there any other options? :( -----Inline Attachment Follows----- _______________________________________________ Devl mailing list Devl at freenetproject.org http://freenetproject.org/cgi-bin/mailman/listinfo/devl -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20110712/235ef98d/attachment.html>
