The current threat model for private browsing mode doesn't include
network attackers and is very limited in scope.
Another very common MITM situation is a captive portal on public wireless.
Personally, I'm reluctant to conflate network attacks with private browsing mode.
I believe it's already difficult for users to understand what private browsing
mode does and doesn't protect against, and I think this would make it more so.
IMO, it would be more productive to focus on captive portal detection
and more specific/differentiated SSL warnings for all browsing modes.
thanks,
ian
_______________________________________________
dev-security mailing list
dev-se...@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security