[cesarb]

> Change to extensions in Private Windows: Any new extensions you add to the browser won’t work in Private Windows unless you allow this in the settings.

Does this mean that adblocking (and other safety-related) extensions will suddenly stop working on private windows, unless the user knows it has to go to the settings and enable them again?

[cbsks]

No. The extensions that are already installed will still work in private windows. It’s only newly installed extensions that are disabled in private windows by default

[Grue3]

That still doesn't solve a problem of a user installing the browser for the first time, installing adblock, then going to a porn site in private mode and getting a faceful of malware-ridden ads. Who thought this is a good idea?

[callahad]

It's not perfect, but there are prominent prompts about this when you install an add-on for the first time and when you open a private window. Screenshots at https://imgur.com/a/d4ZnAHI

[DCoder]

If you flip the setting, that doesn't solve a problem of a user installing the browser for the first time, installing an extension like Stylish †, going to a porn site in private mode and getting their private browsing history leaked to the extension operator together with their regular history. Who thought that is a good idea? :)

† Stylish is a … special case [0]. But see also hypothes.is or any other extension that relies on a "user-created content store".

[0] https://robertheaton.com/2018/07/02/stylish-browser-extensio...

[recursive]

No one thought that was a good idea. The good idea is to prevent add-on authors from stealing private browsing history.

[jszymborski]

I believe this is also an attempt to block fingerprinting.

[Scarbutt]

They are always following chrome's tail.

But anyway, the reason probably is that some extensions are abusive of personal data and you don't want them sniffing stuff in private browsing (with out your persmission).

[octosphere]

> Does this mean that adblocking (and other safety-related) extensions will suddenly stop working on private windows, unless the user knows it has to go to the settings and enable them again?

Looks like it, although if you don't know how to configure your extensions, then why even use them in the first place?

Chrome has been doing this for a while now. You have to check the 'Allow in incognito' button for the extension to work in private mode.

[jplayer01]

> Looks like it, although if you don't know how to configure your extensions, then why even use them in the first place?

Because uBlock Origins et al. are incredibly useful for your average internet user who know fuck all about configuring extensions but benefit far more from it? What is this unnecessary elitism?

Sane defaults are really important for people who don't know anything about the internet, much less privacy or security (see any number of examples of ad networks delivering malware). Adblocking not working in private mode isn't a sane default. The vast majority of people have no idea what any of this means or how to do any of this. Doesn't mean they're any less deserving of protection.

[octosphere]

> Sane defaults are really important for people who don't know anything about the internet

That's fair. I apologize for sounding elitist. I guess you could say I am a bit biased here because although sane defaults are ultimately worth shipping, there exists the tinkerer types who love nothing more than configuring and customizing their addons.

> Adblocking not working in private mode isn't a sane default

Perhaps you are right about AD-blocking addons. You typically want them in normal browsing mode and private mode, but it's the mountain of other addons which spy on users that users have to worry about. I don't have to worry because I inspect the code of addons before installing (more elitism in practice). I have spotted a few in the wild that covertly send your browsing history and other details to a remote server (Yes, I reported them).

[recursive]

They are being protected. Protected from malicious plugins sniffing their private browser activity.

[bepvte]

Previously installed extensions before this update will not be disabled automatically, only new ones

[jobigoud]

I'm interested in the rationale behind this default. What about extensions make them a possibly bad fit for incognito mode?

[DCoder]

The fact that they can still hoover up your browsing data the same way as in normal mode.

Google Chrome has defaulted to disabling extensions in incognito mode as long as I can remember:

> Allow in incognito [ ]

> Warning: Google Chrome cannot prevent extensions from recording your browsing history. To disable this extension in incognito mode, unselect this option.

[octosphere]

It probably has something to do with (some) extensions not being very privacy friendly. Some extensions spy on the user in return for the utility the extension provides (remember the Stylish addon fiasco recently?). I'm not certain of the reasoning behind the decision. Also: it's possible to enumerate/detect what addons are installed in a browser with javascript (and thus fingerprint the user), although I think that bug was patched in Firefox and Chrome.

[rasjani]

What addons are installed is one criteria of bowser fingerprinting.