December 08, 2006

The Law Of Unintended Consequences Strikes Again

Dude is engaged. Dude doesn't want Chick to know he's traipsing around on Swinging websites, so he specifies 'Never save passwords on this site' when Firefox asks him at login.

Chick uses same computer later. Chick originally specifies 'Don't save this password' when logging in to a (presumably non-sleazy) website, but changes her mind and goes into Password Manager to fix it.

Chick sees Dude's 'Never Save Password' site list.

Chick and Dude are no longer engaged.

The best part of this story? How I heard about it: from a Mozilla bug report!

This privacy flaw has caused my fiancÚ and I to break-up after having dated for 5 years.

Basically, we share one computer but under separate Windows XP user accounts. We both use Mozilla Firefox -- well, he used to use it more than I do but now we don't really use it. The privacy flaw is this: when he went to log-in under his dating sites (jdate.com, swinglifestyle.com, adultfriendfinder.com, etc.), Mozilla promptly asks whether or not he'd like Firefox to save the passwords for him. He chose never, obviously. However, when he logged off his user account, and I logged onto my Windows XP account X amount of days later . . . Firefox prompted whether or not I'd like it to save my password for logging into my website. I chose never and changed my mind. I went into the Password Manager to change the saved password option from Never to Always and that's when I saw all these other sites that had been selected as "Never Save Password." Of course, those were sites I had never visited or could ever dream of visiting.

Then I realized who, how and what... and sh*t hit the fan. Your browser does not efficiently respect the privacy of different users for one system.

Here's the head-scratcher from my perspective: the woman wrote a bug report on the 'feature' that allowed her to determine her betrothed was a sleazebag BEFORE marrying him (as an aside, the comment thread on the bug report is pretty damn funny too), on the grounds that it failed to maintain his privacy.

I wonder if Dude has any idea what he just lost.

[H/T comp.risks]

Posted by Chris at December 8, 2006 05:12 PM

Category: Damn, That's Funny
Comments

Hey, She did the right thing. She took advantage of the info she got, and she reported the bug.

Chances are, in the long run, she'll benefit more from a bug-free firefox than from inadvertent information exposed this way.

Now let me tell you a story, quite relevant to this. To see it, pls check my blog this sunday (dec 31), http://precision-blogging.blogspot.com
(Sorry, it's just too juicy to post it here.)

[Oh, Mr. Dangerous Logic: allow me to assure you that I AM the author of this comment.]

Posted by: Tobias D. Robison at December 29, 2006 12:34 PM

[I'm not terribly worried about uncontactable pseudonymage from somebody on my blogroll :)]

She certainly did the right thing, which is why I wondered whether Dude knew what he lost. Most women I know would have stopped after "took advantage of the info she got."

Posted by: Chris of Dangerous Logic at January 2, 2007 09:25 PM