I was somewhat familiar with Firefox source code a while ago. I was intrigued when they introduced their "Private Browsing" feature. I couldn't find a reason why anybody would need it. ;)
Anyway, today I was thinking about what the important aspects of private browsing are and how Firefox's developers would have implemented it, still remembering somewhat how Firefox developers maintain network connections.
If a web-server uses HTTP keep-alive, the expected behavior for Firefox is to honor it. However, the question is: when Firefox switches to "Private Browsing" mode, what does it do with the kept-open HTTP connections, whose servers already know who you are? Unfortunately, Firefox keeps them alive. So if you go to these web-sites again after starting "Private Browsing" mode, they might actually detect you. :(
Here is sample web-server code that will remember you when you switch to "Private Browsing" mode in Firefox while visiting the site. Namely, a user:
1. Visits the site that is running the code in one of their Firefox tabs (let's call this site Site-A)
2. Switches to "Private Browsing" mode
3. Enters the URL of Site-A again and then notices that Site-A still knows who the user is
The sample web-server code below uses the network socket information to remember who you are in the scenario above. After step "1" above, the code randomly assigns a name to you. Then at step "3" it remembers your name and tells you who you are.
Please note that the platform I tested this on is a Mac running OS X 10.6.7 (i386) with Mozilla Firefox 3.6.16.
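The behavior described above, as an added example that is not the author's original listing: a minimal Python server that names each visitor by TCP connection (client address and port) rather than by cookie. The `demo()` helper and the `visitor-` naming are assumptions for illustration; it replays steps 1 and 3 over one kept-alive socket, then shows that a separate connection, which is what a browser uses once it stops sharing its connection pool across the mode switch, is not recognized.

```python
import http.client
import secrets
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

names = {}  # (client_ip, client_port) -> randomly assigned name
names_lock = threading.Lock()


class RememberBySocket(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"  # HTTP/1.1 keeps the connection open by default

    def do_GET(self):
        # No cookies or headers are consulted: the TCP connection is the identity.
        with names_lock:
            name = names.setdefault(self.client_address,
                                    "visitor-" + secrets.token_hex(8))
        body = name.encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def fetch(conn):
    conn.request("GET", "/")
    return conn.getresponse().read().decode()


def demo():
    server = ThreadingHTTPServer(("127.0.0.1", 0), RememberBySocket)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address
    reused = http.client.HTTPConnection(host, port)
    fresh = http.client.HTTPConnection(host, port)
    try:
        before = fetch(reused)    # step 1: normal browsing
        after = fetch(reused)     # step 3: same kept-alive socket is reused
        isolated = fetch(fresh)   # separate socket: the server sees a stranger
    finally:
        reused.close()
        fresh.close()
        server.shutdown()
        server.server_close()
    return before, after, isolated
```

Calling `demo()` returns three names: the first two match because they travelled over the same socket, and the third differs.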