Firefox 3.5 Armed with Privacy Controls

 
 
By Brian Prince  |  Posted 2009-06-30 Print this article Print
 
 
 
 
 
 
 

Mozilla adds new privacy features to the latest version of its Firefox browser in response to features in Internet Explorer 8, Apple Safari and Google Chrome. In addition to a Private Browsing mode, Firefox 3.5 has Forget This Site and Clear Recent History capabilities.

Mozilla has responded to enhanced privacy settings in rival browsers from Microsoft, Apple and Google with new privacy features of its own.

In Firefox 3.5, released June 30, Mozilla has added its own version of private browsing to match a feature offered by Google Chrome, Internet Explorer 8 and Safari. But Mozilla took the additional step of adding a Clear Recent History tool and a Forget This Site feature to bring more layers of privacy to its users.

When private browsing is enabled, nothing a user encounters on the Web will be stored from that moment on during the browsing session. The problem with private browsing modes, however, is that they require users to know ahead of time that they want to be private, said Johnathan Nightingale, Mozilla's "human shield" (aka security expert).

To read more about how Web browsers are improving security, click here.

"Sometimes the history you want to get rid of is browsing you've already done," Nightingale said. "That's why we've also included the Clear Recent History tool ... You can ask us to clear the last hour, the last day or even clear everything, and when you do, we will clear it everywhere. Our power users could always do this, deleting their cookies and their history and their downloads manually, but this tool gives you a single click to clear it all.

"Likewise, when the browsing you want to get rid of is a particular site instead of a particular time frame, we have added a tool called 'Forget About This Site' that allows you to right-click on any entry in your history, and tell Firefox to forget everything it knows about that site, as though you'd never visited it," he added.

In addition to the privacy controls, Mozilla fixed a few bugs and added HTTP Access Control to enable site authors to control who accesses content they put online.

"As people start putting new content online like open video and downloadable fonts (both supported in Firefox 3.5), this will let them control how those are used by third parties," Nightingale said.

Looking ahead, Mozilla has started working on a feature called CSP (Content Security Policy) to fight cross-site scripting. In order to differentiate legitimate content from injected or modified content, CSP requires that all JavaScript for a page be loaded from an external file and served from an explicitly approved host.

"This means that all inline script, JavaScript: URIs and event-handling HTML attributes will be ignored," Brandon Sterne, security program manager at Mozilla, blogged June 19. "Only script included via a <script> tag pointing to a white-listed host will be treated as valid. Additionally, CSP allows several other common-sense security restrictions to be enforced."

CSP is slated for a future Firefox release, Nightingale said.

 
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel