Closed Bug 1103690 Opened 10 years ago Closed 10 years ago

Can't delete cookies set in private-browsing mode

Categories

(Firefox :: Private Browsing, defect)

33 Branch
x86_64
Linux
defect
Not set
normal

RESOLVED DUPLICATE of bug 864150

People

(Reporter: linux-user-2015, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36
Build ID: 20141013200324

Steps to reproduce:

Set up Firefox like the following:
1) Go to Preferences -> Privacy tab.
2) Enable custom settings for history.
3) Enable "Always use private browsing mode" checkbox.
4) Firefox will request restart - restart it.
5) Go to Preferences -> Privacy tab again.
6) Enable "Accept cookies from sites" option (otherwise too many sites will not operate correctly).
7) Close settings.
8) Go visit some sites which are setting cookies.
9) Make sure that browser remembers cookies for this session by revisiting site (or using sniffer, etc).
10) Now try to see cookies in Firefox, e.g. via view page info -> security -> View Cookies button or via "Show Cookies" button in Preferences -> Privacy, etc.
11) Make sure that no cookies are shown so you can't delete them (while browser still keeps sending them!!!).
12) Try to hit something like Ctrl-Shift-Del to invoke history cleanup.
13) Make sure it would not appear using these settings.

Actual results:

When this mode is supposed to be private, cookies can be set by server but then there is absolutely no way to get rid of these cookies except via restarting browser. Same problem seems to also affect cache since there is no way to reset cache (some web sites can use it to track users as well, e.g. by setting personalised ETag headers, etc). Needless to say, it makes whole "private" mode much less private than it should be and it is mostly useless as either you can't accept cookies at all or you can't get rid of cookies without restarting browser, no matter what, because browser is not willing to do anything about cookies or cache in this mode while actually it remembers cookies.

Expected results:

Maybe browser should allow cookie management for "temporary" cookies in this mode. Same goes for cache.
Or it could be wise to discard temporary cookies/cache once particular tab is closed (can be more tricky if more than 1 tab from same site opened). Right now using "private" mode can lead to blatant privacy violation where browser keeps cookies but does not display them and there is no easy way to delete them at all except by browser restart. And it's not as if most web sites are going to work if you do not accept cookies, so choice is between totally broken attitude and very unobvious and nasty tracking via temporary cookies where user can't see or delete them at all.

Not to mention some extra stuff:
* Setting persistent data in web storage is allowed by default, there are no warnings and no sane control similar to cookies and there is no prob to place "cookies equivalent" via web storage. Somehow Mozilla does not care about it while mumbling something about Tor.
* Somehow just visiting your web page makes browser report to some "optimizedly CDN" and Google. Are you sure you care about privacy? Just visiting your site makes two third party entities aware of my visit for no real reason. Are you sure you're as "independent" as you claim???
* Firefox collects unimaginably huge amount of data about system and so on and can attempt to send these to Mozilla servers. I think such attitude is inherently hostile to user's privacy.
NB: user agent is fake. Really it is Firefox 33 under Ubuntu.
Not a security bug that needs to remain hidden. I believe that the cookie UI always uses the "normal" cookie jar. I don't know whether it's possible to switch it to the private-browsing cookie jar in some cases. Gavin, does this sound like something we should try to fix?
Component: General → Private Browsing
Flags: needinfo?(gavin.sharp)
Summary: Private browsing mode of FF is screwed: no way to delete accepted cokies! (major privacy issue) → Can't delete cookies set in private-browsing mode
Group: core-security
Feel free to unhide it then - it does not look like I can do it. And as for me, all mumbling about Tor support in FF would be nuff void as long as bugs like this are lurking around. From user's perspective: program makes it look as if I'm not tracked. Deep investigation uncloaks I am actually tracked AND unable to get rid of cookies. And program has lied to me. This can put users under certain privacy risks without any visible warnings. Ironically, users running under such settings have explicitly requested private mode so I believe it is fundamentally wrong behavior. It's not a behavior I want to see in private mode. NB also fixed OS to Linux as it's what I use. I do not have any win7 machines and have no idea how it affects this OS.
OS: Windows 7 → Linux
Flags: needinfo?(gavin.sharp)
Flags: needinfo?(ehsan.akhgari)
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Flags: needinfo?(ehsan.akhgari)
Resolution: --- → DUPLICATE