Location sharing policies and private browsing

How do you expect the two browser features “Always share my location with example.com” and “private browsing” to work together? It might not work as you expect.

Private browsing will not store any record of the sites the users visit on their system. However, users also expect something else: privacy. Browsers take some measures to ensure this. Sites don’t have access to their cookies and other stored data points in private mode. Safari even enables the controversial Do Not Track header[1] in this mode.

Browsers give users control over sensitive input sources through permission prompts. A dialog will ask for permission before allowing a site to use the user’s microphone, camera, or location.

Location permission policies in browsers

Browser “Allow” means “Always allow” “Always allow” includes private mode Lifetime of “allow once”
Chrome 30 yes yes window session
Firefox 24 no yes tab session
Internet Explorer 11 no no tab session
Safari 7 no only once or optionally for 24 hours
Opera 17 yes no window session

Safari has the most unusual solution. It will prompt the user for permission once per location request. Optionally, the user may allow a site to keep those permissions for one day. When choosing the one-day permission option, the location is available to the site in regular and private mode alike.

Google Chrome and Opera don’t have granular or duration controls in their user interfaces. When a user has chosen to share location data with a site, that site retains the permission forever. Denying will prompt again for the next request from the site. The other browsers all separate between “allow for one session” and “always allow”.

Google Chrome and Firefox will give sites that users have always allowed access to their location even in private mode. This is troublesome in Chrome’s case, since it also defaults to always allowing sites instead of allowing once.

Depending on your web browser of choice, you may not be getting the privacy you were expecting.

All tests were performed on OS X 10.9. Except for Internet Explorer, which was tested in modern mode on Windows 8.1 RT.

[1] A proposed Internet standard for transmitting a signaling an opt-out preference to site operators and advertisers. The signal conveys that the user doesn’t want targeted advertisements nor like being tracked. See the EFF’s DNT issues page.