GNOME Bugzilla – Bug 150680
Epiphany Privacy and Security Issues
Last modified: 2009-01-19 20:20:37 UTC
Two days ago, a friend had access to important banking transactions I had conducted over the Internet. I had used Epiphany to conduct these transactions earlier. I'll try to explain, how I think the breach occurred. Epiphany stores the history of URLs visited, as well as cookies over time. I have no idea for how long. I am assuming my friend was able to use the back button, I'd like to believe inadvertently, to reach my bank's website where my user-name was already present in the user-name field. This is where it gets clumsy. I must have mistakingly asked Epiphany to store my password, or the cookies must have given him direct access to the transaction pages in question. Either way, he was able to access my private information and a potentially catastrophic security breach had occurred. I'd like to suggest improvements I think will prevent privacy and security breaches using Epiphany in the future. They are follows: 1). Provide users with a means to limit the lifetime of cookies to sessions only. Firefox, Mozilla, Internet Explorer and Safari provide such privacy options. 2). Provide users with a means to control the amount of visited URLs stored in Epiphany. This should be set to Zero, or a small number, by default for security purposes. 4). Provide a panic feature or option which deletes visited URLs, cookies stored on the system, passwords stored in Epiphany and Epiphany's cache when epiphany is closed or terminated. {*I think this is a needed security solution/option*} 5). Make the default behavior of Epiphany never store passwords. Nobody reads the dialog (password)option Epiphany pops up. Users will just click whatever button appears in front of them to get rid of it. Users who are tired, distracted or are not concentrating will also inadvertently hit the wrong button. And there is no user visible way to undo the action. If users need to store their password, let them do so explicitly via the Epiphany's preferences. But avoiding the dialog altogether is most effective. I hate to think what will happen if I had accessed my bank information at a public cafe using Epiphany. I don't even know of any insurance company that covers loses from software hindsight. And I doubt the cafe entrepreneurs will claim liability. Finally, I would also like to encourage the Epiphany developers to add security as a top priority/goal in addition to its widely popular goal of being simple to use. I look forward to your feedback. Thank you for a great browser.
Bugs which are somewhat related are bug 130072, bug 145755, bug 145386 and bug 148314.
*** Bug 150681 has been marked as a duplicate of this bug. ***
Perhaps the "Store" button on the store your password screen should not be the default action. The default action should be not to.
Mass reassigning of Epiphany bugs to epiphany-maint@b.g.o
Possible fix: avoid storing https:// sites in the history.
I think Jerry Haltom has a good point: the default should be NOT to save the password.
I think that has been the default for a long time now. Is that enough of a workaround?
Closing this bug report as no further information has been provided. Please feel free to reopen this bug if you can provide the information asked for. Thanks!