Private Browsing support in Firefox extensions

Firefox 3.5 included the Private Browsing feature for the first time.  As I’ve already written about it, Private Browsing is a mode in which Firefox does not record any data which can reveal the sites and pages that users have visited.  So, whenever you want to browse without leaving a trace on your computer, you put Firefox into the Private Browsing mode, and rely on Firefox to keep its promise and not record any revealing information about your browsing activities.  Now, with extensions introduced into the picture, things are a little bit more complex.

In general, there is no way for Firefox to be able to automatically detect whether extensions are honoring the Private Browsing mode or not.  The same is true in almost every other functionality provided by the browser.  That is why we’ve been using human inspection in reviewing the extensions submitted to AMO, to make sure that extensions do not impair the functionality provided by the browser.

After a lengthy discussion with the AMO editors, we have decided to modify the AMO add-on submission policy to reflect that extensions should honor the Private Browsing mode in order to be listed publicly on AMO.  While most extensions will not need any modifications for supporting Private Browsing (because they don’t record any data revealing users’ browsing activities), there are some which require some changes, and we appreciate the fact that the change cannot happen overnight.  Therefore, we’ve tentatively decided to give a two-month grace period to add-on authors before we actively start to reject extensions incompatible with the Private Browsing mode.

This means that during this grace period, if a reviewer comes across an extension which complies with the submission policy in every respect except for Private Browsing support, one of the following will happen depending on the status of the add-on:

  • For add-ons nominated to become public for the first time, the add-on will be rejected.
  • For updates to existing public add-ons, the update will be approved with the additional note to the author stating the incompatibility of the add-on with Private Browsing, and that it must be fixed in the next version of the add-on.

Please note that while the decision is not yet final, it’s been discussed extensively and is likely to be put into effect soon.

Now, let’s take a moment to talk about what it means for an extension to support the Private Browsing mode.  Basically, extensions need to ensure that no sensitive data is recorded inside the Private Browsing mode.  You would of course get a different answer depending on who you ask about what sensitive data are, but we’re tried to keep a well-defined scope for this term in Firefox.  Basically, we consider data which fits into one of these five categories as sensitive, and refrain from saving such data to disk inside the Private Browsing mode.

  1. The data which includes things like the URL of pages that the user has visited.  Example of such data inside the Firefox includes browsing history, and download history.  Note that in this case, we usually remember the things that the user explicitly asks us to save (like bookmarks), but try to eliminate the visited-ness traces if possible (e.g., we save bookmarks as unvisited bookmarks, which can also be created by adding a bookmark from the Library window and entering a URL manually.)
  2. The domains of websites which the user has visited.  Example of such data inside Firefox includes the content preferences service, which stores preferences (such as the zoom level) for an Internet domain.  We usually refuse to remember such settings inside the Private Browsing mode.
  3. The content of the web pages that the user has visited.  Example of such data inside Firefox includes the network cache.  We usually try not to write the content to disk inside the Private Browsing mode, and in the case of cache, we still keep the in-memory cache around for the duration of the Private Browsing mode.
  4. Other data related to web pages that the user has visited.  Examples of such data inside Firefox includes the cookies, which we only store in memory inside the Private Browsing mode.
  5. Other data which is used to customize the Firefox UI based on what happens inside the Private Browsing mode.  Examples of such data inside Firefox includes the path of the last download directory, which is used to initialize the file picker to that directory for future downloads.  We usually refuse to store this data inside the Private Browsing mode, although we retain the data in memory for the duration of the Private Browsing mode in order to provide a seamless UI functionality to users.

The AMO reviewers will be reviewing each submitted add-on based on the criterion of whether it persists any data belonging to the above categories on disk.  Although after reading the list, supporting Private Browsing mode in an extension might seem overwhelming, it actually isn’t that hard!  Basically, if an extension is using one of the APIs provided by Firefox or Gecko, it’s already safe, because we’ve been careful to make sure that our APIs handle the Private Browsing mode in a graceful manner.  There are several resources for add-on authors who need to know more details about how to support Private Browsing mode in their extensions.  Make sure to keep these resources in mind, and use them:

Happy hacking!

Posted in Blog Tagged with: , ,
8 comments on “Private Browsing support in Firefox extensions
  1. hii
    ook als pornoknop bekend staat. Ehsan Akhgari, ontwikkelaar van de Private Browsing Mode, vroeg Mozilla’s add-on team of uitbreidingen en extensies wel rekening met PBM houden. Uitbreidingen.

  2. [...] has already explained extensively what’s necessary for PBM support in his blog post and the MDC article on PBM. All add-on authors should read both of these and decide what they need [...]

  3. [...] ook als pornoknop bekend staat. Ehsan Akhgari, ontwikkelaar van de Private Browsing Mode, vroeg Mozilla’s add-on team of uitbreidingen en extensies wel rekening met PBM houden. Uitbreidingen [...]

  4. [...] di navigazione anonima oggi offerte dai principali web browser, Firefox incluso. Un esempio ne è la questione sollevata la scorsa settimana da Ehsan Akhgari, autore della funzione Private Browsing Mode (PBM) [...]

  5. [...] di navigazione anonima oggi offerte dai principali web browser, Firefox incluso. Un esempio ne è la questione sollevata la scorsa settimana da Ehsan Akhgari, autore della funzione Private Browsing Mode (PBM) [...]

  6. [...] di navigazione anonima oggi offerte dai principali web browser, Firefox incluso. Un esempio ne è la questione sollevata la scorsa settimana da Ehsan Akhgari, autore della funzione Private Browsing Mode (PBM) [...]

  7. tennis tickets 2010 Pro says:

    That’s really convenient for kids watching stuff that their parents shouldn’t see and for spouses flirting with other people online. I should get that installed. Thanks, firefox!

  8. [...] has already explained extensively what’s necessary for PBM support in his blog post and the MDC article on PBM. All add-on authors should read both of these and decide what they need [...]