Bookmark URLs remain in places.sqlite (?)

[Ryo501]

I don’t know if this is a bug due to the way the bookmark api works, but when the bookmarks are loaded into the browsers places.sqlite file they are loaded into two tables the moz_bookmarks and moz_places. I used DB browser for SQlite to view the db file and watched the changes. When Private Bookmarks locks it only removes the content from the moz_bookmarks but the full urls remain in moz_places. This means that if someone wanted to see your possible "bookmarks" mainly your history all they need is to download one program and google where firefox stores bookmarks. Only way to remove the urls is to clear data every time as even setting firefox to never remember history doesn’t remove the urls.

Not a big issue, a least for me, I just thought you would like to know (if you didn't already).

Windows 10 Home, version = 1803, OS build = 17134.167 (64-bit) firefox version = 61.0.1(64-bit) Software used = DB browser for SQlite

[rharel]

Thanks for letting me know, I was unaware the bookmarks api does not perform a complete delete. Unfortunately this issue needs to be fixed on the Firefox side. Even though the license already says so, I think in light of your findings I will put up an additional disclaimer at Private Bookmark's description page on AMO tomorrow so users are aware this extension does not guarantee complete privacy.

[Ryo501]

Your welcome, I just figured that since you are going through the trouble of trying encrypting data I thought you should know the privacy issue. Otherwise I do like the addon.

[rharel]

So I finally had some time to investigate this weekend, and I can indeed reproduce. But, for me the entries are deleted once Firefox is closed. This may be influenced by the user's clear-data settings in Firefox' options I'm guessing? Hard to tell.