Hi all !
I’m Romain Testard, product manager on Firefox desktop. I’m super interested in opinions and ideas regarding Private Windows. We think that Private Windows are not simple enough to access and would love your feedback regarding what matters to you as a user of private windows.
How can we make private windows simpler to use so you engage with them more?
Thanks so much for your valuable ideas!
Hi @rtestard ,
I have raised an idea for this (Add ability to use Tor in private browsing - Mozilla Connect), but having the ability to use private windows with Tor would make me feel more secure when I am using them.
Thanks, this is a great one indeed. In my opinion it should remain an option as opposed to a default given the trade offs on webcompat and speed but this clearly would advance the value prop of private browsing from 'Leave no traces on your computer" closer to online anonymity.
I use private windows most of the time, mostly to not clutter my history, to not have to think about cookie choices and to have a neutral browsing experience in general.
When I come across a worthwhile webpage, I open it in a normal window to save it in my history (and perhaps continue browsing there).
Now I manually copy & paste the URL into the normal window, but it would be great if there was a right-click option on the tab to 'send' this to the normal window (or even with a shortcut). This right-click option could for instance be located among the "Move Tab" options.
Funny, for me it’s quite the opposite. I like that private mode gives enhanced privacy, in fact it would be great to have privacy.resistfingerpinting.enable=true*, but I use it only for shady websites which I know I’m very unlikely to visit in the future. This is because modern search engines are all terrible and it’s way easier to search history instead when I know what I’m looking for. So if there was an option to store history (which is exactly against the origin of private mode…) I would probably use it more often. Additionally, I think it should be a little more extreme and provide protection as close to privacy-focused browsers as possible without making websites unusable out of the box (or at least with one click).
* Note my privacy settings in normal browsing are on edge of usability, so private mode doesn’t really give me too much benefit in terms of privacy as of now.
privacy.resistfingerpinting.enable=true breaks sites in unpredictable ways - this is a valuable protection but it brings too many web compatibility compromises unfortunately for our typical users
Being able to browse without leaving traces behind is the main use case for private windows - there are clear usability drawbacks there but storing history feels counter to the main value prop of private browsing. As discussed above it seems like there is real value in being able to more simply switch domains from private context to normal context in order to add private window navigation to normal window history.
I used to use private mode a lot for opening the same site with different login profiles. But now I don't use it so much, because multi account containers fulfills that need.
I do sometimes use it for testing a site afresh, for seeing a pure uncached performance. And sometimes for things I don't want appearing in my firefox history.
In my IT worker experience, people use private windows (incognito in chrome) for 2 things:
Firefox's multi account containers/container tabs is a game changer for being able to separate accounts/logins for similar sites. So I think (if advertised correctly and easy enough to use/discover), private windows wouldn't need to be used as much. Win!
For the 2nd one, a couple thoughts:
Thanks @KERR , all great input!
A couple of follow-up questions on topics I investigated:
- Private browsing inside Windows as opposed to tabs: this feels like a valuable place to research. My instinct would be that having my private context in a separate Window that I can conveniently launch or close gives more control to users and helps better segment contexts (easier to hide, easier to close, when I close a normal tab a private tab does not show up). What problem would private tabs solve that private windows don't specifically?
- Private windows for account management: I think we have a product gap on Firefox for this where managing profiles should be made more accessible. I think this would solve for work GMail VS personal GMail types of issues. Multi account containers are a fix for this but you have to be a pretty advanced user to understand the concept and the UI. Overall it's interesting that this is a use case for private browsing but I suppose the fix for this should be better identity management for non pro users.
"What problem would private tabs solve that private windows don't specifically?"
Good question. Personally I like my browser to be contained to just one window. Eg, I'm hoping bookmarks/downloads will be integrated into tabs instead of a window. Kind of like how container tabs fit alongside normal tabs. Others may have some thoughts around this too.
I would put a toolbar icon (new installs by default, option for existing installs with a note in a upgrade newtab to point people at the customise toolbar options to add it) that would switch the browsing session or open a new tab in private browsing mode. Think about the Pocket, FxA and (on Dev Edition) the developer tools icon is in the Firefox toolbar, but having a private browsing toggle.
This would be similar to the private browsing icon in Firefox for Android - there if I need it, but not so far out of the way that I would not be able to find it.
I think it would. We currently have "New Private Window" as an optional icon to add to the toolbar, but trying to find that is not easy and needs an additional user action. By changing this to "New Private Tab" and adding it to the toolbar by default it will make the feature more discoverable.
I use the multi account containers a lot and rarely use the private window. I usually only use it for two usecases:
1) To disable addons. I sometimes need to test cookie banners and I have an addon that kills them. The private window is a convenient way to get rid of the addons.
The second usecase: When I don't want the pages I visit added to the history.
Apart from that I am very happy with the multi account containers.
Yes, tabs instead of windows are certainly a major reason for me using them. It is just convenient to have everything in one window with those neat colored bars (they could be a bit thicker/more visible, but that's maybe just my preference)
But my usual usecases often also include multiple logins. To test product features, I need sometimes need to login as admin, editor and enduser. So, for me as a developer, multi-account containers are a lot more useful than just private windows.
To be honest, most of the time, I need just two accounts, so private windows would suffice. But here the convenience and that I am already used to multi-account containers kicks in. I started to use them when they were an experiment and separated work from private and also "other stuff".
Just another thought:
Private Window/incognito wipes all your history and cached logins. In Edge, I have to rely on bookmarks and approve sign-ins constantly. Container Tabs are the best of both worlds ❤
I think there's a lot of confusion about what the use cases of both are. They each have certain goals. Perhaps when people open a Private Window, there could be a message saying something like "Logging into another account? We've got you sorted, no Private Windows required..." etc.
Have Firefox Merge with Duck Duck Go, engineer and create new type of firewall "shield" for Firefox Browser using Duck Duck go as a default built in Search Engine, buy UBLOCK Origin and build it to operate natively in the browser, create built in applet that provides FAKE History and Fake Cookies to Web Sites that randomly changes so that any information pulled from your browser is useless to the Privacy Stealers, that want your private information, randomly constantly change fingerprints using another fingerprint emulator randomizer applet, Always use a Good QUALITY VPN. Create a New Search Engine that only works with Firefox Browsers and Does not collect any privacy information. 😎👍 Create new ANTI TRUST Suits and break the Standard Oil Giant Tech Companies into little pieces, Ban Social Networking Sites. Ban Hate Speech, Hate Speech is hurtful and not Freedom of Speech.
I wouldn’t say never but it is rare for me to use private windows. Consequently I probably have a host of misconceptions about them.
I did think that all trace of visited websites and searches would be erased on the device on closing a private window. I was aware that my ISP would still “see” those sites.
Firefox gives a pretty detailed explanation on the entry page of a private window: See below
Of course one has to read that.
I do use a VPN although not the Firefox one. I have used Express VPN across all my devices for some years.
I’m not sure how it could be made simpler to open a private window, it seemed pretty simple to me and the same as other web browsers although as stated I don’t use one very often. Perhaps it could be an option in the menu bar but accessing it from the windows screen seems entirely logical to me BUT the instructions for the private window in
Need to be brought up to date. The mechanism although completely intuitive is very different on my iPad to the description in the article named above.
I’m not sure what specific use cases you are referring to but it all seems clear enough to me. If I want to ensure that the Firefox browser will not store history, cookies, passwords, site preferences, or temporary Internet files then I should use a private window. The little mask icon makes it easy to swap between private and not private tabs and I found I could easily cut and paste between them. More than I knew before writing this reply😉
I kinda want to be able to use a different default search engine in private windows
This is a hidden option. I'm not sure why this is hidden. To take it out for a spin:
(A) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button accepting the risk.
More info on about:config: Configuration Editor for Firefox. Please keep in mind that changes made through this back door aren't fully supported and aren't guaranteed to continue working in the future.
(B) In the search box in the page, type or paste separatePrivateDefault and pause while the list is filtered
Firefox will show 3 preferences, two of which need to be changed:
(C) Double-click the browser.search.separatePrivateDefault preference to switch the value from false to true
(D) Double-click the browser.search.separatePrivateDefault.ui.enabled preference to switch the value from false to true
Now, on the Settings page Search panel, where you select your preferred default search engine, there will be an additional selection for private windows.
Thanks @Guest !
I'm curious about the use case here. Private windows will force a signed out state on your Google account, implying that your search history won't be stored on your Google account. Do you have specific concerns with default search engines in PBM if cookies are cleared and your account is signed out?
I was not expecting this use case 🙂
I guess this is where the customisability of Firefox with the about:config set-up that @jscher2000 shared above comes useful - we always try to maintain customizability when it does not prevent us from maintaining it
Now I'm curious about your set-up, feel free to share if you feel like it provides better privacy overall!
it feels kinda weird that sites can tell that they're open in private mode. like they can detect that their service workers don't get installed and stuff. actually that would be pretty nice for web development if you could install service workers in a private browsing session and automatically have it cleaned up, so that you don't have to fuss with the about:serviceworkers
Our policies around private browsing so far have been that private browsing data never touches disk. In the event of a crash in private browsing mode, everything that happened for ServiceWorkers would be available and would also otherwise leave on-disk remnants. You although bring up a good point here and we should find the right compromise - encryption in storage related APIs may be our path to success there to get the best of privacy for users - I'll follow-up to better understand if this should be a priority VS other work.
Hi Romain, thanks for the discussion. couple minor details here:
- great that Firefox is able to prevent private browsing data from being written to disk
- web technologies aren't specified to be written to any particular kind of storage. in fact, things like localStorage and cookies work in private browsing mode. as we understand it from your description, their stateful components are backed by memory
- service workers actually aren't even a storage api. or at least they have several uses other than storage. for example, they can programmatically answer http requests, facilitate push notifications, and coordinate things between multiple open tabs
- I'll take the above message as meaning that service workers as currently implemented in Firefox relies on disk storage for some important things. thanks for that insight