Is this behavior expected? I would imagine it would be a privacy violation in a multi-user system. I thought they had some sort of encryption for hiding the sites that I visit.
BTW, FF does not do this on private mode. But still it is concerning, that any program can know about the sites I visit just by looking at ~/.mozilla/profile/storage/default.
It’s a pretty common assumption in software, especially on Linux, that if anyone can access your home directory, then you can’t have any expectation of privacy. Some apps make the explicit statement that secrets are stored in plain text because obfuscation would just give you a false sense of security.
The solution is to encrypt the data on a system level, e.g., with encrypted home directories. You could also create an encrypted volume in a file and store the profile in there. Make sure to protect your private keys with good passphrases.