A few days ago I got a note from a technically-minded friend who also has worked in the military/security field. He wrote with a warning about a problem with the newly-released official version of Firefox 3.
He said, “Browsing history can no longer be readily cleared upon exit as with previous versions (like release 2). It is now stored in an encrypted file that, any turkey with half a brain, can readily decrypt, or if they have physical access / web access to your machine, can download / copy at will.” This person travels frequently in China and said he considered this too serious a risk if he had to leave his machine unattended. “I think this is not the browser that I would want to travel around many places and work with.”
Worse, he said, when he went back to Mozilla to find the Firefox 2 install files so he could return to a system he found more comfortable, the files were no longer there.
I was about to post his comments and say that while this person was more security-conscious than I was, the point was worth knowing about in illustrating how much more digital information about ourselves we leave at every turn. Then I thought: why not ask Mozilla?
It turns out that, according to Mozilla, these concerns are unfounded. I heard back quickly from John Lilly, Mozilla’s CEO, and Mike Beltzner, the program lead for FF3, about where these apparently-missing features could be found. If anyone has harbored concerns like my friend’s, responses (tied to this screenshot) come after the jump.
From Beltzner about the browsing history:
We have not removed the feature that allows users to clear their history on exit. This feature - the "Clear Private Data" feature - remains unaltered from Firefox 2. Users can invoke this manually, or they can choose to have their data cleared on exit.
The only feature we did change was the somewhat hidden feature of setting the amount of history we save by default. It used to be that setting that number to 0 would mean we never stored history data, and that's no longer the case. Users looking for that function should use the Clear Private Data function instead.
Further, the history file is not available through web access to one's machine. If someone has file access to one's machine, then there are far more serious security and privacy concerns at play
About where the FF2 “legacy” installation files can be found.
Finally, Firefox 2 is still available at Mozilla.com, linked to from the "Other languages and systems" link below the download button, or at http://www.Mozilla.com/firefox/all-older.html