Do their tests tickle ?

Paris, 'cause she gives tickly testies.

OMG WTG FTW Dairy Queen ROFLMAO!

These private browsing modes seem fairly pointless - other than to provide imaginary security.

If someone wishes to monitor your browsing they can easily install logging software on your PC[see http://www.keylogger.org/] or view company/ISP web proxy logs.

Really you *want* it to save your passwords, but in some encrypted password thingy.

And it's *not* just useful for porn. I use it for a perfectly legitimate purpose which unfortunately this comment box is too small to contain a description of.

since waaaaaaaaay back you have been able to configure Firefox to clear the cache on exit, and other various 'dont watch what im doing' settings. I guess this does make it easier for your average Joe, but the question is, do they care enough to need it?

coz <using> paris would be just too <easy> on a pr0n mode comment

the Distrust plugin has done this for a couple of years now.

...is doubled up in the corner saying "K-Snick, K-Snick".

Mine's the Hogwarts coat with wizard's sleeves.

You had to get "testers" and "tickle" in there, didn't you?

Do people not just boot from a live CD for porn mode? That's what my friend tells me he does.

That no one is using Google's Chrome?

A pun too far?

Firefox users are wankers?

The example given in the blog (browsing for a new job while at work) is nonsense unless you have a PC connected to the Internet without a LAN and gateway in the middle and it's misleading to suggest it that you can browse for a new job privately in work.

And even then, if Firefox generates temporary files or uses virtual memory while in private browsing mode, it's not really private either.

Not got a bone to pick with Firefox (apart from the blog entry), IE8 and Safari are also guilty of generating same false sense of security. And probably Opera, if it has one (I don't know but I haven't yet read anything about an Opera private browsing mode).

So the 'Fox will have a 'porn mode' to "...help you make sure that your web browsing activities don't leave any trace on your own computer" and IE8 will have a feature to "... switch off cookies, browsing and search history, (not) save form data and passwords (and) automatically clear the cache at the end of the browser session"

We've got these already: look in Tools --> Clear Private Data. I set the browser to clear private data when I close a session and the options are set to clear browsing history, download history, form and search history, cache, cookies and authenticated sessions. Additionally, I've set history at 0 days and cache at 0MB.

I also have Stephen Gould's little programme CleanUp! installed and I run it between every browser session - it empties recycle bins, deletes newsgroup caches, clears all cookies, deletes all prefetches, clears temporary internet files (in IE), and can also get shot of favourites, temp files and specified registry entries. I recommended (usual disclaimers) this utility and you can find it at

http://www.stevengould.org/

Of course, none of those precautions mean anonymous browsing; they can't stop your ISP or visited sites logging your IP address. If you want to browse anonymously (or, rather, semi-anonymously) you need to use Tor or a service like AnonyMouse:

http://anonymouse.org/

Nor will those precautions prevent your browser leaking info about you in headers - for that you need something like the Firefox Modify Headers extention:

http://modifyheaders.mozdev.org/

Has Firefox really got 20% market saturation? Who knows. My browser header's user-agent string has been modified to disguise my OS and browser type - why offer the bad guys useful info - and I know many Opera and Fox users set their user-agent to spoof IE (in fact, identifying itself as IE used to be the default option in Opera).

Nonetheless, I hope it's true - Microsoft deserves to face proper competition. Competition benefits us all - for instance, Microsoft lumbered on happily with the increasingly outdated IE6 until the Fox started grabbing market share.

For a moment there I thought they'd tapped a line to Australia's banned list with an online search engine that could be tuned to user preferences.

Mine's the one with - mind your own business!

>"The feature, when enabled, will switch off [...] browsing and search history, [...] form data and passwords [&] will automatically clear the cache at the end of the browser session."

<paranoia>That'll be my current normal FF settings then.

<!-- tag left open intentionally -->

The browsing privacy ('pr0n mode') feature is probably going to make some businesses shy away from allowing their employees access to Firefox.

Of course, any company which takes its infrastructure seriously will more than likely use a squid proxy servers with active directory integration for authentication or some similar method so the internet access can be tracked regardless of the privacy mode being enabled or not.

Firefox might be more accepted for business and corporate use if some form of corporate settings template feature was employed to allow customisation, similar to how group policy is used to lock down internet explorer.

The openness of the settings and features such as the privacy mode do discourage businesses from using the browser even though it is superior to internet explorer. The only corporate users of firefox are likely to be the IT staff, designers and reasonably tech savy execs.

"wipe clean tool"

*smirk*

*titter*

Doesn't firefox already have these options in the normal settings? True there's no single button you can click but I like the level of customisation possible.

I have it clearing the browser history but keeping the username/passwords, hopefully you'll still be able to do that as the all or nothing setting is just a bit....well....backward

If the police come round in the middle of the night and confiscate your 'friend''s computers don't be surprised!!

...looks like I'll be giving this a few "test tickles" myself in the near future...

If they claim porn mode will not "leave any trace on your own computer", then I'd like to know if they actually prevent any files from being written to the hard drive and how they clean data in the swap file.

Just deleting the cache files after a porn session means the physical files are still on your hard drive for a forensics expert to easily retrieve (or anyone with enough skill to run a deleted files retrieval tool).

The Firefox developers should be careful about how they present this feature as it is not a 100% guarantee of privacy in any way.

reminding us (the dullards that we are) of the fact that browsers have a 'purge' feature.

Well duh, we don't want the browser to forget everything!

"My browser header's user-agent string has been modified to disguise my OS and browser type - why offer the bad guys useful info"

So that the server can serve up code optimized for your specific browser for one thing. And why do you assume that all websites are "bad guys"?

You are right to ask: "... how they clean data in the swap file"

The answer, of course, is that 'Clear Private data' functions (aka 'pron mode') do not clear the swap file. You need to do that manually. It's a cinch on most Linux distros because the paging files are usually on their own partition. It's not quite as straightforward on Windows but El Reg has this very useful article:

http://www.theregister.co.uk/2007/05/05/wipe_swap_file/

You also state "...the physical files are still on your hard drive for a forensics expert to easily retrieve..." Yup, of course simply deleting a file does not remove it. Over-writing it does, however. Stephen Gould's CleanUp! (see my comment above) has an option 'Fully Erase Files (Wipe Clean)' which is better than nothing.

But a much better bet is to use the free well-established utility called Eraser. This gives you a choice of over-write methods including 35-pass Guttmann algorithm and the US DoD standard. You can erase individual files and you can erase all the free space on a disc. The utility also includes DBAN (Darik's Boot and Nuke) utility, a bootable 'nix app that first erases then over-writes entire hard disks (very useful if you want to dispose of a computer or do a *really* clean install). details are here: http://www.heidi.ie/node/6

how hard would it be for them to, when in "secure" mode simply grab a chunk of ram and use that as a virtual disc for the cache. obviously this would have to be encrypted. since it will probably end up being written to virtual memory. but since the same program will read and write, and you don't want it to be able to remember the previous session you make the "key" random at program start each time.

obviously its utterly pointless when your employer/isp spys on you directly.

would also be worth adding built in TOR support. as well as an ability to view encrypted web pages (which could be only marginally more advanced than ROT-13) simply to spoof filters. (with a suitable apache mod to handle that end maybe) poor mans SSL if you will.

to me a "secure" mode is only useful at home, and then only if you simply don't want traces on *your* machine, and then only if it never writes to the disc.

easy way? probably an old pc with a decent amount of ram, and no fixed disc booting from a cd rom.

otherwise I'm not totally sure what they think they are actually hiding?

... is a browser mode that lives in RAM and does a secure wipe of anything that gets to disk.

With the way UK law is going, its getting to the point that almost anything seen (or pre-fetched) from the inter-web will probably be illegal by next week even if it is considered mainstream today.

Could also use a utility, as a shutdown or startup script, that does a secure wipe of the pagefile.

So has it got a "I don't want BT / Phorm" to profile my browsing habits mode"? Shame...

David:

"So that the server can serve up code optimized for your specific browser for one thing."

Web pages should be W3C-compliant. If they are, they will display in any browser. Bad web designers "optimise" their site for specific browsers - if they can't be arsed to make their sites accessible to all, then I can't be arsed to visit them. I support the Any Browser Campaign http://www.anybrowser.org/campaign/

Secondly, a user-agent string not only identifies the browser, it usually identifies the OS and its specific build. For example, it would identify not only Firefox (and the rendering engine as Gecko) but a specific distro of Linux or a version and build of Windows.

"And why do you assume that all websites are "bad guys"?"

Most of them are not (or, rather, are not knowingly so). But some are. Besides, data travels across the internet in packets (which, of course, can be sniffed) and browser headers are transmitted in clear text.

Claire:

the RAM suggestion would work. So would the HDD-less machine booted off a live CD. But, as you say, there are plenty of other points at which one's internet use can be monitored.

Porn mode? Nah, online christmas shopping for the spouse/kids mode!

from the 'Stealther' plug in?

The "Clear Private Data" function does not clear the sqlite database(s) which sit beneath Firefox 3.0

http://aplawrence.com/Web/firefox-sqlite.html

If you get the sqlite Firefox plugin for Firefox and locate the databases (quite a challenge) you will find every url visited, search term entered and hot diiner you ate logged faithfully.

@Ben Avery

The Distrust plugin? Only if you trust the other users of your computer enough to let them know that you distrust them enough to not know where you've been.

@Everyone else

You guys don't seem to get what this feature is for. I, for one, would prefer my browsing history retain useful things like where I've been so I can actually go back through my browsing history to find them. Trashing everything every time I close the browser would get annoying pretty quickly. This feature (that El Reg claims to be in FF 3.1b1, BUT ISN'T) is so folks like me don't have to manually clear specific entries after-the-fact.

Firefox is still slower than Opera and IE, and it still looks like a** because the fonts aren't antialiased for LCD display. They're talking about jitting script, old news, Microsoft has done that for everything since they pioneered JIT compiler for VB in the 1990s. Plug-ins are the only possible appeal, but I haven't seen one that I really need.

I agree FULLY with SB. write w3c complient pages, and EVERY REASONABLE BROWSER works with them. In addition you get the advantage of remembering to include support for making your page more accessable (like for blind computer users).

note: many versions of IE are not "reasonable" as they do not properly process xhtml without browser optimisations. but these things should be the exception to workaround a browser-bug, not the rule. (or better yet, how come the richest company makeing a browser can't seem to manage to keep up with w3c specs? maybe they could work on shipping a solid browser rather then a flash look-alike?)

on a seperate note: "grabbing a chunk of memory" likely wouldnt work either, unless all OSes FF runs on allow you to tag the memory as "non-pageable" if it ever hits the HD for any reason, your SOL... if your that parinoid.

mines the one with the saved el Reg password

thats why you only store the stuff encrypted in ram, its only stored decoded directly on screen. ok you can't "copy & paste" etc, but thats by design