saved site permissions are revealing your browsing history from private mode

[Alino]

• Show notifications
• Open external applications
• Autoplay Media

these kinds of saved permissions, are revealing information that you did visit a specific website even in private mode.
If you go to Preferences/Security and scroll down, you can see the list of saved site permissions.

Expectation: private mode should not be able to save site permissions, nor there should be prompts to do so.

[srirambv]

The site settings will be removed when you close the private tabs.

cc: @diracdeltas @bridiver

[Alino]

Not true, I have 0 private tabs opened, and the websites that I visited only in private tabs are still in the list of saved site permissions. Anyway, the user should not be bothered with prompts to save site permissions if site permissions are just temporary. Therefore I would prefer if private tabs never saved such permissions.

Also one more thing,
I have set Autoplay Media to "Always allow"
and when I am browsing the web, websites are automatically being added to the saved site permissions list. Which makes no sense for me to be constantly adding domains to this list if the settings is set to "Always allow" it should just simply always allow, without maintaining a never-ending list of websites that I have visited. This is a browsing history leak.

[Alino]

You should get inspired from chromium regarding private/incognito mode.
Never store any browsing data on disk. As far as I know, the whole incognito mode saves the downloaded resources during your browsing session to RAM.
You should absolutely not store saved site permissions on disk while in private mode.

[srirambv]

Not true, I have 0 private tabs opened, and the websites that I visited only in private tabs are still in the list of saved site permissions

If you have visited the site in a normal tab before and changed settings that gets saved. Try visiting a site in private tab for the first time and change shields settings and close it and see if you are still able to see the saved site settings. Next visit the same site in normal tab and change the shields settings only then it gets saved. Here's how it works.

What ever site settings you make in normal tab those settings are valid for the same site visited in private tabs. Not the other way around. Hope the above screencap resolves the confusion.

I have set Autoplay Media to "Always allow" and when I am browsing the web, websites are automatically being added to the saved site permissions list.

This will be fixed in 0.20.x Reference issue: #9008

[Alino]

Thank you for your explanation.
It doesn't work when you have settings on autoplay media to "always allow"
in that case if you open a website for the first time in private mode, and close it, it will stay in the list.
But it logically should be also fixed by the fix in 0.20.x as you mentioned.

So one more question, are the saved permissions saved to the disk or RAM while in private mode?

[diracdeltas]

saved permissions are never written to disk unless you pick an 'always allow/deny' option