Private windows not all that private
-
I'm currently doing an online course that sometimes requires me to login to the same service with simultaneous sessions using different IDs.
I was quite surprised when I learned that all private tabs and windows in Vivaldi share a single, global context! I.e. if I login using one set of credentials (let's call it user A) in a private window, then open another tab or window and login to the same service using a different set of credentials (user B), I find that my login in the first private window has now changed to that of user B!
This was not at all expected from something called a "private window": At the very least I expected different private windows to have their own, separate contexts, and to be honest I expected this separation to hold true even for tabs in the same "private" window - as it works now it hardly merits the "private" label.
After a few, otherwise happy, months of getting to know Vivaldi (being a long-time Opera user until the functional "nerfing" when Presto was ditched), this came as something of a shock and has put a huge dent in my trust in Vivaldi.
Is this really how "private windows" is intended to work in Vivaldi?!?
-
@Zathras hi, private windows are meant to just be for temporary use. You could try profiles if you want truly separate browsing.
-
@LonM - well, my use case is temporary; the issue is the lack of isolation between "private" windows/tabs.
I wasn't aware of profiles... I had a quick look and my immediate thoughts are:- Limited to a single guest session
- I could create a couple of "lab" profiles for the purpose; it's (slightly) less convenient than proper private sessions as they would keep cookies from previous labs and thus add an extra step to switch out of the previous lab session/credentials
Also, what is the difference between "private" windows and "guest profile" windows?
In any case, after some experimentation it seems a guest window + a "private" window started from the guest session will cover my needs for now. Feels like a kludge, but saves having to fire up another browser.
Cheers!
-
I've also run into this issue. I moderate another forum and occasionally need to sign in with multiple accounts + view the site as guest. Last time I tried this setup:
- Normal window: My moderator account
- Private window 1: My second account
- Private window 2: Viewing the forum as a guest
However, when I opened "Private window 2", it was already signed in to my second account and signing out caused "Private windows 1" to also be signed out.
Personally, I (and @Zathras, it sounds like) would prefer if each private window had its own context entirely. I'd rather not have to use multiple Vivaldi installations, multiple different browsers or multiple profiles to be able to do this. (In the case of multiple profiles the issue is that I still want access to everything I have on my main profile.)
-
agree, it works very weirdly, and i think i saw it mentioned on forum several times.
also if you for example launch browser without flags for ui inspection, and then launch another instance with the flags, you still won't be able to inspect ui. it works the other way around too.coming from firefox i'm not sure if this is a chrome thing as i've never used it, but it sure feels wrong, such stuff crossing the process boundary is a huge nono for me.
-
I may be way beyond my depth here, but if an external web site receives a request from an already logged-in IP address with the same "user agent" string, how can they know if you used a new tab or new window or private window to send it? I'm not aware of any way...
What I've noticed is that even in a private window without having been already logged-in, and without providing them with any new identity clues, Amazon recognizes me! I have to assume they are combining my fixed WAN IP with my user agent and digging me out of their history.
I haven't tested all the corners of this in detail, but it is clear that if I really want privacy I use Tor.
-
@LorenAmelang sites are not logging you in based on your ip, that would be terrible, think about all the internet cafes and shared ips
they log you in based on cookies they set and those should be kept separate for separate instances of private windows, at least that was a practice. -
@MaxKarlErnst I wasn't logged into Amazon and hadn't been in weeks. They recognized me anyway. So Vivaldi "private" windows show sites your existing cookies? That's scary... Looks like maybe - I just deleted all Amazon cookies and used a new private window, and they didn't obviously recognize me, not even my location. Looks like the private window didn't set any new cookies - is that possible?
Still, however they recognize you, is there a way they can know from the server end if your browser is going to display the page in an existing tab or a new tab or a new window?
-
I always thought, that private windows are the same as the now-a-days guest profile except that you have your bookmarks and some settings enabled
-
This is an issue with Chromium (https://bugs.chromium.org/p/chromium/issues/detail?id=24690). BTW Firefox has the same issue.
-
@MrBlueSky An issue open since 2011! That will probably never be handled. But I appreciate knowing the details of the mechanism behind the problem...
-
@LonM said in Private windows not all that private:
private windows are meant to just be for temporary use
As far as my limited knowledge will take me I believe this to be true.
A developer friend of mine told me a few years back that "private windows are just regular windows which should clear browsing data (cookies and cache) when the browser is closed".
I trusted him and have since always treated them as such. -
@greybeard said in Private windows not all that private:
"private windows are just regular windows which should clear browsing data (cookies and cache) when the browser is closed".
Exactly. Private windows are a "user friendly" way to surf porn without your SO/parents/kids finding the "spills" in browser history later.
People should quit treating them like the Holy Grail of Privacy. They're not going to stop Facebook spying on you. The only way to stop Facebook spying is to delete your Facebook account.
-
@Pathduck said in Private windows not all that private:
@greybeard said in Private windows not all that private:
"private windows are just regular windows which should clear browsing data (cookies and cache) when the browser is closed".
Exactly. Private windows are a "user friendly" way to surf porn without your SO/parents/kids finding the "spills" in browser history later.
I would say it's way more than that, as it won't use your 'regular' window cookies, it's more a kind of "I'm running another browser" as in "I need to login with the same portal with a second account for a moment and I don't want to logout-login-logout-login to do that". I do this all the time.
Of course I didn't ever notice a second private window would share context with the first private window, as I never ever needed two private windows... ... I'll keep that in mind from now on. -
@Pathduck From a developer / tester perspective I find it more useful that private windows will, by default, not have any extensions running in them.
-
I would say that "private window" is a misnomer. As somebody said in this thread, it's nothing but a "temporary profile".
In other words, there are these different elements:
- Different profiles don't share information.
- Temporary profiles inherit less from the main profile than regular profiles.
- A temporary profile is erased after closing the last window of the profile.
- It would be nice if each tab could be associated with a different profile.
Item 4 may be hard to implement. Otherwise, it would be nice if we can create multiple temporary profiles easily.
Therefore, a workaround to the original problem (the need to log in to the same site with multiple user accounts) is to create multiple profiles and delete them afterwards.