Is this behavior expected? I would imagine it would be a privacy violation in a multi-user system. I thought they had some sort of encryption for hiding the sites that I visit.
BTW, FF does not do this on private mode. But still it is concerning, that any program can know about the sites I visit just by looking at ~/.mozilla/profile/storage/default.
The tilde (~) means that path is located in the per-user home directory. The default behaviour is for user home directories to be only accessible by that specific user.
The encryption you’re referring to is likely specific to Firefox Sync (i.e. syncing your FF settings, history, etc. across devices). Sync is end-to-end encrypted. But I’m not surprised that it’s unencrypted on disk.
But wouldn’t it be better if they chose to obfuscate it. Are there any inherent disadvantage in doing so?
Generally, no. If a person has access to your home folder, it doesn’t matter if site-data is site-data or some UUID, the person can still look around and find that data. How to do so would be on the internet, in the source code for Firefox.
Firefox simplifies its engineering efforts and makes site-data clearly visible to the proper user by relying on the system’s security measures instead of inventing its own bespoke ones.
You could hash the duckduckgo URL for example
But yeah, the data would be there, not sure how much that would help