* Posts by davidows

2 publicly visible posts • joined 29 Jun 2012

Firefox 'new tab' feature exposes users' secured info: Fix promised

davidows
Thumb Up

Re: Better about:config pref in Firefox 14

You can also do it in FF13, so it will be there already when you upgrade to 14, even if it has no effect yet.

davidows
WTF?

Corrections by a CISO

If you're really concerned with security and privacy, you shouldn't be using any browser to remember completed forms or passwords. That's what products like RoboForm are for, and RoboForm has never had a vulnerability requiring a security patch for as long as I've been using it (well over a decade).

As for the comments by tfb & APraxis, the data were always there in the cache, as with many other browsers (e.g. Opera & Chrome; I have banned any use of IE, so I can't comment there). There is no "Thumbnails" folder; they're generated on the fly from the data in the cache.

My major complaint with the "Firefox/Features/New Tab Page - MozillaWiki" linked above by Gold Plating is that one of the requirements reads that it should be "useful without any configuration, yet can be easily configured and disabled". After upgrading to FF 13, I immediately wanted to turn it off, but had to search through all of the options before finally learning that the icon in the upper right corner of the New Tab Page was intended to make it "easily disabled". I just finally found out how to permanently disable it or "show, hide and customize top sites" on this page:

http://support.mozilla.org/en-US/kb/new-tab-page-show-hide-and-customize-top-sites?s=new+tab+page&r=0&e=un&as=s

As for the security issue, some are suggesting that we should have Firefox clear the history after every session. However, it isn't necessary to clear the entire Browsing history (which can come in handy at times) if the user simply clears the browser's Cache, Active Logons, and perhaps Offline Website Data plus Form & Search History for safe measure. This can be done from the Options dialog, Privacy tab, History section, by checking the box for "Clear history when Firefox closes" and using the Settings button to be more specific.

These options are visible and accessible by default, but not if the user had previously changed the first option in the History section from "Use custom settings for history" to either "Remember history" or "Never remember history".

Clearing specific historical info can also be done manually by downloading one of the sets of toolbar button extensions with an "Open Clear Private Data Dialog" button, such as the Broom button I have, and adding it to the toolbar, by right-clicking the toolbar and selecting customize. Using that button, I can choose what time range to clear, 1, 2 or 4 hours, Today, or Everything, and which categories to clear, so I don't lose my entire browsing history, site preferences or non-tracking cookies such as the one that allows my bank to recognize my system when I try to log in. This prevents me or anyone else from logging in from another system, unless they have access to my email so they can validate the other system by receiving a code sent to me upon request, and that code is only valid for a short time.