WebExtensions in Private Browsing

[vesta0]

User Story

As a user, I want to choose whether I want to allow a WebExtensions in private browsing, so I have control over the data and permissions shard in private browsing.

Dependencies

A-C project board

Acceptance Criteria

• I can choose to allow a WebExtension to run in private browsing
• This option is at the individual WebExtension level

┆Issue is synchronized with this Jira Task

[brampitoyo]

Progress report:

• In Q4 2019, we’ve decided that WebExtensions will run in both normal and private browsing modes
• In the future, we may provide a choice to disable individual WebExtension in private browsing

[csadilek]

Blocked on: https://bugzilla.mozilla.org/show_bug.cgi?id=1599139

[csadilek]

@brampitoyo As the default for this is "false" (add-ons do not run in private browsing until users turn it off) do we need some form of hint / notification? This is re: #10120 (comment).

Defaulting to false seems correct as this is what Desktop does, just wondering if we need to make this more obvious to users?

[brampitoyo]

@csadilek If these are true:

• Many popular add-ons – and most add-ons that Fenix supports – are ad blockers and/or focused around security
• Private browsing typically demands more stringent security, stricter trackers blocking, etc.

Then does it make sense to set our default policy to TRUE: allow add-on to run in private browsing?

I immediately see huge problems around consent. Add-ons may “phone home” and leak private data (e.g. URLs opened in private browsing). But does our Recommended Extension programme not protect against this?

I think that many users’ expectation is for add-ons to work everywhere by default, but also for those add-ons to not leak data while browsing privately.

---

Either way, I do agree that WebExtensions that run in private browsing should be clearly labelled.

I propose doing something similar to desktop: have a small (16×16dp) private browsing icon to the side of the add-on name. Thoughts?

Icon asset: https://dzwonsemrish7.cloudfront.net/items/2D2h3z2m2P3G0Q2a3I0y/private-browsing.svg

[AndiAJ]

Hi, verified as fixed on the latest Nightly Build #21180609 from 4/27 using the following devices:
• Google Pixel 3a (Android 10)
• Huawei Mate 20 Lite (Android 9)

✔️ I can choose to allow a WebExtension to run in private browsing
✔️ This option is at the individual WebExtension level

► Video

[csadilek]

@brampitoyo Thanks!

I immediately see huge problems around consent. Add-ons may “phone home” and leak private data (e.g. URLs opened in private browsing). But does our Recommended Extension programme not protect against this?

Agreed. I think defaulting to "false" is the right thing to do here, so users can opt-in, as desired. Having a list of recommended and tested extensions protects us from this somewhat, but it still could become a problem later. So, I'd vote for being conservative and use the same default as Desktop.

I will file a separate issue to introduce the label you provided above.