Project

General

Profile

How to save session/ keep tabs?

Added by Mert Evgen about 2 years ago

Hello,
is there a way to keep the opened tabs, after I closed the Android Privacy Browser? When I open it again, all tabs are gone.

It is one of the most important settings for me, but it seems, there is no such option.

Thanks for yout help.


Replies (9)

RE: How to save session/ keep tabs? - Added by Soren Stoutner about 2 years ago

Privacy Browser is built on two core privacy principles as explained at https://www.stoutner.com/privacy-browser-android/core-privacy-principles/.

The second one is that Privacy Browser minimizes the amount of data that is stored on the device.

From the link:

"From time to time I receive requests to add features to Privacy Browser that automatically store comprehensive histories across reboots or restore tabs on a restart. Although I can see the usefulness of such features, I am opposed to anything that automatically stores a browsing history just by engaging in normal browsing behaviors. Doing so makes it easy for malicious apps or devices made by companies like Cellebrite to extract browsing history from user devices without consent. As such, these type of features are unlikely to ever be implemented."

RE: How to save session/ keep tabs? - Added by hugo gogo over 1 year ago

I have a question about that :

we can save bookmarks, they are stored locally, so what is the difference with saving tabs, in terms of security ?

RE: How to save session/ keep tabs? - Added by Soren Stoutner over 1 year ago

As the quote above says, "I am opposed to anything that automatically stores a browsing history just by engaging in normal browsing behaviors." Automatically saving tabs does that. Bookmarks do not.

To elaborate a little bit, any system that automatically saves tabs will store a history of the tabs you have loaded. That history will be updated every time a page is loaded and will persist even when the app is closed. This happens just by engaging in normal browsing behavior. This saved history is then prime pickings for devices and programs, whether local or remote, that want to harvest browsing history. If, for example, there is a malicious app loaded on the phone that can gain access to the data file that stores the save tabs (which is, unfortunately, not nearly as difficult as most people assume it is), it would be trivial to monitor that file, use it to populate an entire browsing history for the device, and exfiltrate that data to an offsite server.

Bookmarks, on the other hand, do not automatically create a log of all your browsing history. It is possible to engage in normal browsing behaviors and never populate a single bookmark. Users are free to create bookmarks for sites that are not sensitive while, at the same time, visiting sites that could get them thrown in jail in certain jurisdictions (like a civil rights activist in an oppressive regime) without bookmarking that site.

RE: How to save session/ keep tabs? - Added by hugo gogo over 1 year ago

thank you for the answer :)

ok, so if i understand well, the problem is the automatisme in stocking the history, not the existence of the history itself : we considere that the file stocking the history is not safe, so it musn't automatically be generated, we must have the control over its content.

then, it would be similar in term of security, to have a simple way of marking some tabs as the ones we want to reeopen for the next session, like a double tap on it, as it is done in vscode, isn't it?

RE: How to save session/ keep tabs? - Added by Soren Stoutner over 1 year ago

"then, it would be similar in term of security, to have a simple way of marking some tabs as the ones we want to reeopen for the next session, like a double tap on it, as it is done in vscode, isn't it?"

Any user can save any tab for the future by bookmarking it. It requires one swipe and two taps.

From time to time I receive requests by users to add various features that make things more convenient at the sacrifice of privacy or security. Usually when I explain why it sacrifices privacy or security they say something along the lines of, "Well, can't you add it as an option that is disabled by default that I can choose to turn on?" My answer is usually, "I only have so much development time, and I would like to implement all the features that increase the security and privacy of Privacy Browser before I start implementing features that decrease that security and privacy. There are so many browsers out there that are not focused on security and privacy that anyone can choose to use if they prefer. There ought to be at least one that puts security and privacy first."

Along those lines, I am fairly deep into the development of Privacy Browser PC (I am actually typing this on it right now, so it has reached the point in development where it is good enough to use for Redmine). It also doesn't have any form of session restore after it is closed and I find that isn't a feature I miss in any way. Hence, beyond the concept of bookmarks, I have no plans to ever implement any form of saved sessions on either Privacy Browser Android or Privacy Browser PC.

RE: How to save session/ keep tabs? - Added by hugo gogo over 1 year ago

thanks again for the great work :)

I don't really ask for the feature I was describing, it's rather to understand the security concerns about it. I don't feel the need for selected bookmarks that automatically opens in tabs.

I have another question though, about some sites that think I'm a robot because I use Privacy Browser, but I will create a new post for that :)

RE: How to save session/ keep tabs? - Added by Prince Cooper over 1 year ago

How about encrypted history database? So that only PB can decrypt that ? Many applications do this to their databases btw.

RE: How to save session/ keep tabs? - Added by Soren Stoutner over 1 year ago

The difficulties with an encrypted history are typically deeper than most people have thought through. Any scenario where an attacker could read an unencrypted database is also one where they could read any encryption key stored on the device that could decrypt an encrypted database. So, they only scenario where such an encrypted database would increase the security of the system would be one where the decryption key was never stored anywhere except RAM. And to add any level of security against offline brute-force attacks that could be performed by whatever attacker was able to gain access to and exfiltrate the encrypted database, the encryption key would need to be very long.

There aren't a whole lot of people who would get excited about having to type in a 256 bit decryption key every time they opened up Privacy Browser.

There is some explanation of what would be required to actually make it secure at https://redmine.stoutner.com/issues/721.

    (1-9/9)