Here's a description of what private browsing really means to you:
The purpose of private browsing is to put Firefox into a temporary state where no information about the user's browsing session is stored locally. Firefox currently handles the user's privacy with a feature in preferences to clear all private data. This feature forces the user to choose between having privacy (even if only momentary) and other useful features like browsing history and saved passwords. Users should be able to go "off the record"; they shouldn't have to shoot the reporter.
As we improve the functionality of history to include full text indexing, and possibly capturing thumbnails of sites visited, the need to respect users' privacy only increases.
Use Cases

Many people believe that the primary use case for private browsing mode is viewing pornography. While viewing pornography may be a popular use case due to the nature of content on the Web, assuming that this is the only reason that users need private browsing trivializes the overall feature. For instance, users may wish to begin a private browsing session to research a medical condition, or plan a surprise vacation or birthday party for a loved one. Use cases will range from users cheating on their spouse, to users buying engagement rings. Given the breadth of our user base, specific use cases are likely to be extremely varied.
Shared Computers

In extreme cases where computers are being shared by many people each hour, for example Internet Cafés, users browsing in Private Browsing mode can be confident that nobody (including the owner of the Internet Café!) will be able to view their browsing history or see details that they've entered into web sites. This creates a key differentiator from Internet Explorer, which offers no such assurances.
Requirements

Scope

It is important to decide early on what is meant by Private Browsing. The bullet-proof solution is to not write anything to disk. This will give users maximum confidence and will remove any possible criticism of the feature from security experts.
By choosing to write *some* data to disk (perhaps in an encrypted format), we would break a clear and easy-to-understand contract between Firefox and the user. Neither the user nor a security expert would be sure that there is no security risk.
The top level requirements can be summed up as:
- Provide a feature that for all realistic scenarios hides the user's activity while in Private Browsing mode.
- Instill confidence in the user that Private Browsing isn't leaving any trace on their PC. "It doesn't write anything to disk" is a good clear start.
- Clearly indicate to the user when they are protected by Private Browsing and when they are not.