
Stop forcing (bad) pref values for non-PBM users

torbutton.js currently associates 4 preferences to having private browsing mode enabled by default:

  • browser.cache.disk.enable: never use disk cache to avoid disk leaks. I think the memory cache is still used for something, but I haven't checked.
  • places.history.enabled: history, set back to true to enable it when one disables PBM.
    • Right now, in this way we force users that don't want PBM to have history on (which doesn't make sense, unless we want to give them a reminder of what they're doing?)
    • I think it won't do anything in PBM anyway, so we could just unset any user value (once) and let users do whatever they want.
    • But I wonder if flipping this has some consequences, e.g., automatically deleting history when you do it.
    • Finally, this value is not defined in our profiles, currently, but we could set it to false, to have new users explicitly enable it if they don't want to use PBM (e.g., to keep logins).
  • security.nocertdb: enable/disable user's certificate and key databases (set to false to use them).
    • This is pretty easy, imho: they are a security threat also for non-PBM users, so we should restore it to false for everybody once, and then not change it anymore (so people will have/will be able to change it manually, if they really want to).
  • permissions.memory_only: use an in-memory database for permissions.

Before PBM, they were controlled by a checkbox. I wonder if they were a way to create PBM when PBM wasn't even a thing, yet.

However, right now they seem a UX nightmare to me. They are not needed in PBM (also Arkenfox says they're optional), but our code forces bad values for non-PBM (if I understand the code well, that happens whenever you open a new window!).

Non-PBM isn't supported by default, so I'd just switch to the values we set for PBM, and let users reset the non-safe values, if they really wish to do so. We could even add a scary warning to about:tor to tell them that the behavior is changing.

Please note that I don't want to lock these prefs, I just suggest having good defaults, instead of forcing bad values.

/cc @donuts @thorin

Edited by Pier Angelo Vendrame
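
A sketch of the "unset any user value (once)" idea from the issue above, added here as an example and not taken from the issue or from Tor Browser's code. `FakePrefs` is a constructed stand-in that mimics method names of Firefox's `Services.prefs`; the marker pref name and the default used in `demo()` are assumptions.

```javascript
// Added illustration, not Tor Browser code. FakePrefs is a constructed in-memory
// stand-in that mimics method names of Firefox's Services.prefs.
class FakePrefs {
  constructor(defaults) {
    this.defaults = new Map(Object.entries(defaults));
    this.user = new Map();
  }
  prefHasUserValue(name) { return this.user.has(name); }
  getBoolPref(name, fallback) {
    if (this.user.has(name)) return this.user.get(name);
    return this.defaults.has(name) ? this.defaults.get(name) : fallback;
  }
  setBoolPref(name, value) { this.user.set(name, value); }
  clearUserPref(name) { this.user.delete(name); }
}

// The four prefs the issue says torbutton.js ties to private browsing mode.
const PBM_LINKED_PREFS = [
  "browser.cache.disk.enable",
  "places.history.enabled",
  "security.nocertdb",
  "permissions.memory_only",
];
// Hypothetical marker pref recording that the one-time reset already ran.
const MIGRATION_PREF = "example.pbm_prefs_reset_done";

// Clear previously forced user values exactly once so the defaults apply again.
// Later calls are no-ops, so anything the user sets afterwards is kept.
function resetForcedPrefsOnce(prefs) {
  if (prefs.getBoolPref(MIGRATION_PREF, false)) return [];
  const cleared = PBM_LINKED_PREFS.filter(name => prefs.prefHasUserValue(name));
  cleared.forEach(name => prefs.clearUserPref(name));
  prefs.setBoolPref(MIGRATION_PREF, true);
  return cleared;
}

// Constructed scenario: a profile whose history pref was forced on by older code.
function demo() {
  const prefs = new FakePrefs({ "places.history.enabled": false }); // assumed default
  prefs.setBoolPref("places.history.enabled", true); // value forced in the past
  const firstRun = resetForcedPrefsOnce(prefs); // clears the forced value
  prefs.setBoolPref("places.history.enabled", true); // user opts in afterwards
  const secondRun = resetForcedPrefsOnce(prefs); // must not touch the user's choice
  const history = prefs.getBoolPref("places.history.enabled", false);
  return { firstRun, secondRun, history };
}
console.log(demo());
```

The second call returning an empty list is the point: after the single reset the value is a default the user can override, not something re-applied on every new window.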