Is this behavior expected? I would imagine it would be a privacy violation in a multi-user system. I thought they had some sort of encryption for hiding the sites that I visit.
BTW, FF does not do this on private mode. But still it is concerning, that any program can know about the sites I visit just by looking at ~/.mozilla/profile/storage/default.
If you are concerned about a program you installed spying on you, then why do you use that program? If it can access a personal directory in Mozilla, what does it stop from accessing all the other files on your system?
still it is concerning, that any program can know about the sites I visit
As others noted, that’s the case in Linux, by default all processes are equal, so if your shell process can access a file, the Firefox process can access that file.
But there are in fact many ways to sandbox processes and prevent exactly what you are worried about. One way is to install applications via Flatpak (or Snap), that can limit what files the app can see, while still running as your user.
If there is an app you need and don’t trust that’s not available as a flatpak (or snap), there are ways to sandbox it manually. It does require some tinkering, but people can help you on !linux@lemmy.ml
The tilde (~) means that path is located in the per-user home directory. The default behaviour is for user home directories to be only accessible by that specific user.
The encryption you’re referring to is likely specific to Firefox Sync (i.e. syncing your FF settings, history, etc. across devices). Sync is end-to-end encrypted. But I’m not surprised that it’s unencrypted on disk.
But wouldn’t it be better if they chose to obfuscate it? Are there any inherent disadvantages in doing so?
Generally, no. If a person has access to your home folder, it doesn’t matter if site-data is site-data or some UUID, the person can still look around and find that data. How to do so would be on the internet, in the source code for Firefox.
Firefox simplifies its engineering efforts and makes site-data clearly visible to the proper user by relying on the system’s security measures instead of inventing its own bespoke ones.
You could hash the duckduckgo URL for example
But yeah, the data would be there, not sure how much that would help
It’s a pretty common assumption in software, especially on Linux, that if anyone can access your home directory, then you can’t have any expectation of privacy. Some apps make the explicit statement that secrets are stored in plain text because obfuscation would just give you a false sense of security.
The solution is to encrypt the data on a system level, e.g., with encrypted home directories. You could also create an encrypted volume in a file and store the profile in there. Make sure to protect your private keys with good passphrases.
This behavior is expected.
On a multi-user system, this is not a problem, because other users (except root) are not allowed to list directories within your home directory.
For processes that run on your system, this is the same: usually, only your own processes are allowed to list your files. Then, they can also read your browsing history and all kinds of personal files. So, you should not run processes that you don’t trust in respecting your privacy.
And for all site visits that you don’t want to leave traces on your hard drive, you use the private browsing mode. (Keep in mind that you still leave traces for persons that can read the traffic - even if the traffic is encrypted.)
I forgot to mention:
If you want/need to restrict processes that you run, you can, for example, use AppArmor or SELinux to restrict paths that they are allowed to access.
Or you use containers (Podman, Docker) to run low-privileged containers without access to your home directory.
It is expected, and quite fine… :-)
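The thread rests on one point: the profile data is protected by ordinary home-directory permissions against other accounts, and by nothing at all against processes running as you. The script below is an added example, not from any poster, that checks the first half of that claim: it walks a directory such as ~/.mozilla/<profile>/storage/default and reports any entry whose group or others mode bits grant read access. The profile layout it constructs is a stand-in built in a temp directory; the real layout may differ.

```shell
#!/bin/sh
# Added example: audit a profile tree for entries readable by other *users*.
# Mode bits say nothing about processes running as your own user; those see
# everything regardless, which is what Flatpak/AppArmor/container sandboxing
# (mentioned above) is for.

# Print every entry under $1 whose group or others bits grant read access.
# Returns 0 when the tree is private to its owner, 1 when anything leaks.
# Conservative on purpose: an entry is flagged even if an ancestor directory
# is mode 700, because it would be exposed the moment that ancestor opened up.
audit_private_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    leaks=$(find "$dir" \( -perm -040 -o -perm -004 \) -print)
    if [ -n "$leaks" ]; then
        printf '%s\n' "$leaks"
        return 1
    fi
    return 0
}

# Remove group/other access from the whole tree, which is what "your home
# directory is only accessible by you" amounts to in practice.
make_private() {
    chmod -R go-rwx "$1"
}

# Constructed stand-in for a Firefox profile with a deliberately world-readable
# origin directory (the directory name mimics the storage/default convention).
make_demo_profile() {
    base=$(mktemp -d)
    origin="$base/storage/default/https+++duckduckgo.com"
    mkdir -p "$origin"
    : > "$origin/ls"
    chmod 755 "$base" "$base/storage" "$base/storage/default" "$origin"
    chmod 644 "$origin/ls"
    echo "$base"
}
```

To check a real profile, run `audit_private_dir "$HOME/.mozilla"`; a non-empty listing means another account on the machine could read those entries if it can traverse the path to them.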