Firefox 3.5 introduced the Private Browsing Mode feature. This feature allows users to browse freely without having any browsing information recorded on their history, or cookies stored in the system. PBM is activated from the Tools menu, with the Start Private Browsing option, and can be deactivated similarly.
Ehsan Akhgari, creator of the PBM feature, asked the editor team recently if we performed any tests to see if add-ons respect PBM. At the moment we don’t, but we definitely should. Add-ons have the ability to obtain and store browsing data, and some of these add-ons may not be taking PBM into account. This is a breach of the user’s privacy expectations when using PBM, so we will be updating our policies shortly, requiring add-ons to respect PBM.
Ehsan has already explained extensively what’s necessary for PBM support in his blog post and the MDC article on PBM. All add-on authors should read both of these and decide what they need to do in order to become compliant with PBM.
There’s one particularity of PBM that is worth repeating here, though. It’s something that was the subject of some debate within the editor team, and most of us agree that it can be confusing for users as well. Private Browsing Mode is only about browsing. PBM shouldn’t be regarded as a general “private mode” where no data is stored. PBM should only limit browsing data: urls, cookies, page content. Anything that indicates where the user has been.
As a user, I find this limitation too subtle and unexpected. In fact, when we implemented support PBM for Fire.fm we assumed a general “private mode”, and I think our users would expect that as well. So, after some discussion with Ehsan, we decided to allow 2 different “levels” of privacy support:
- If your add-on stores browsing data in any way, it must support PBM. This support cannot be disabled in any way, not even with hidden preferences.
- If your add-on stores some other type of personal data, support for PBM is optional. What we did with Fire.fm is a good guideline: have a preference “support PBM for the data this add-on handles”, turned on by default.
If you’re an add-on author, this is the moment to look at your add-ons and see if you should support PBM. If you’re unsure about your add-on, please post a comment here, or at the Add-ons Forum. We will begin enforcing PBM support by the end of March, and add-ons nominations and updates that don’t respect PBM will be rejected.
Edit: fixed MDC link.