Is this behavior expected? I would imagine it would be a privacy violation in a multi-user system. I thought they had some sort of encryption for hiding the sites that I visit.
BTW, FF does not do this on private mode. But still it is concerning, that any program can know about the sites I visit just by looking at ~/.mozilla/profile/storage/default.
It isn’t just Linux, the same is in the user AppData on Windows (would also guess Mac OS). Both a gift and a curse as I find that when I need to make a backup of peoples’ data before restoring/clean installing Windows/Mac OS or moving stuff to a new PC. Those folders are pretty important to get, as you can have all their bookmarks, history, settings, and passwords just show up (though you need to sometimes have to change the profile if a new one still gets created). Same is true for Chrome and other Chromium-based browsers, but they tend to not bring passwords over the majority of the time (need to manually export and import if the PC is actually able to boot into normal/safe modes of whatever OS used).
FF is easier in the cases where the OS is broken or pulling the drive to copy (though very few people use it to begin with). But it does mean it is a curse if the passwords aren’t also locked (would imagine having a master password might help but haven’t tried to see). While it would make part of my job harder with regards to FF data, it is odd that Mozilla doesn’t break them most of the time when Chromium browsers are able to. Though I haven’t had to help someone with Linux in the same way, so maybe it is just a Windows (and maybe Mac OS been a while since I needed to worry about FF so idk) thing for passwords.
Last bit below is a general rant of a PC repair tech’s daily struggle with customers that freak out when something bad happens before bringing stuff in for repair/setting up a new PC. Just had to get it out, but not specific to FF and just data in general (just kept typing). lol
Would make my job easier if people at least signed into their browsers beforehand and remember their log-ins to get browser stuff working (which would at least give them other accounts/passwords back). But the folks that tend to freak out about their stuff tend to also not make their own backups or sign into their browsers (let alone even remember their passwords for crucial stuff) before anything happens. Password vaults would be the same issue even if they had them, but maybe less if they had to enter their master password daily at least once.
For Windows (and even Mac OS in some cases) cloud stuff like OneDrive being turned on by default for the Documents, Desktop, and Pictures (or the defaults for other services) folders don’t even help them. Because they literally don’t even remember the email used when setting up Windows/services, or for whatever reason lost access to that account and somehow think that just using a different account with a different email will still give them their shit. Claiming that I or my co-workers “lost their data” when it isn’t there due to just the stubs of files that were only in the cloud.
The tilde (~) means that path is located in the per-user home directory. The default behaviour is for user home directories to be only accessible by that specific user.
The encryption you’re referring to is likely specific to Firefox Sync (i.e. syncing your FF settings, history, etc. across devices). Sync is end-to-end encrypted. But I’m not surprised that it’s unencrypted on disk.
But wouldn’t it be better if they chose to obfuscate it. Are there any inherent disadvantage in doing so?
Generally, no. If a person has access to your home folder, it doesn’t matter if site-data is site-data or some UUID, the person can still look around and find that data. How to do so would be on the internet, in the source code for Firefox.
Firefox simplifies its engineering efforts and makes site-data clearly visible to the proper user by relying on the system’s security measures instead of inventing its own bespoke ones.
You could hash the duckduckgo URL for example
But yeah, the data would be there, not sure how much that would help
I mean, lots of problems rise from this from interoperability, debug ability, removing control & ownership of your own data…etc
Obfuscating the data means you (The user, via your own means) no longer have access to it, you cannot integrate with it, …etc This is a problem for a project that promotes itself for openness and compatibility.
Firefox should not be solving your user level access permission problems, that’s not it’s job 🤦
It’s a pretty common assumption in software, especially on Linux, that if anyone can access your home directory, then you can’t have any expectation of privacy. Some apps make the explicit statement that secrets are stored in plain text because obfuscation would just give you a false sense of security.
The solution is to encrypt the data on a system level, e.g., with encrypted home directories. You could also create an encrypted volume in a file and store the profile in there. Make sure to protect your private keys with good passphrases.
This behavior is expected.
On a multi-user system, this is not a problem, because other users (except root) are not allowed to list directories within your home directory.
For processes that run on your system, this is the same: Usually, only your own processes are allowed to list your files. Then, they can also read your browsing history and all kind of personal files. So, you should not run processes that you don’t trust in respecting your privacy.
And for all site visits that you don’t want to leave traces on your hard drive, you use the private browsing mode. (Keep in mind, that you still leave traces for persons that can read the traffic - even if the traffic is encrypted.)
I forgot to mention:
If you want/need to restrict processes that you run, you can, for example, use AppArmor or SELinux to restrict paths that they are allowed to access.
Or you use containers (Podman, Docker) to run low-privileged containers without access to your home directory.
still it is concerning, that any program can know about the sites I visit
As other noted, that’s the case in Linux, by default all processes are equal, so if your shell process can access a file, the Firefox process can access that file.
But there are in fact many ways to sandbox processes and prevent exactly what you are worried about. One way is to install applications via Flatpak (or Snap), that can limit what files the app can see, while still running as your user.
If there is an app you need and don’t trust that’s not available as a flatpak (or snap), there are ways to sanbox it manually. It does require some tinkering, but people can help you on !linux@lemmy.ml
That’s true of Windows, any process running as the same user can read Firefox data files, probably its memory too. Malware do that, and that’s why people try hard to avoid malware with AV, security fixes, sandboxing, hardening, education, …
There is better sandboxing support on Linux, at least on the tooling side. It’s relatively easy to use firejail to sandbox every program that interacts with the network. Last time I looked I couldn’t find an equivalent on Windows that’s freely available. The “Windows Sandbox” thing is the closest but it’s fairly heavy and inconvenient. Unlike firejail it doesn’t come with profiles tailored for various popular software.
on windows too. any programs can read your history bookmarks, cookies, for chrome too
It is expected, and quite fine… :-)
If you are worried about other users on your machine then you can verify/update your umask so others can’t access your files.
If you are worried about programs under same user then you need to use AppArmor and or firejail heck you can even go crazy and use SELinux.
If you are concerned about a program you installed spying on you, then why do you use that program? If it can access a personal directory in Mozilla, what does it stop from accessing all the other files on your system?
