How do you expect the two browser features “Always share my location with example.com” and “private browsing” to work together? It might not work as you expect.
Private browsing will not store any record of the sites the users visit on their system. However, users also expect something else: privacy. Browsers take some measures to ensure this. Sites don’t have access to their cookies and other stored data points in private mode. Safari even enables the controversial Do Not Track header[1] in this mode.
Browsers give users control over sensitive input sources through permission prompts. A dialog will ask for permission before allowing a site to use the user’s microphone, camera, or location.
Location permission policies in browsers
Browser | “Allow” means “Always allow” | “Always allow” includes private mode | Lifetime of “allow once” |
---|---|---|---|
Chrome 30 | yes | yes | window session |
Firefox 24 | no | yes | tab session |
Internet Explorer 11 | no | no | tab session |
Safari 7 | no | only once or optionally for 24 hours | |
Opera 17 | yes | no | window session |
Safari has the most unusual solution. It will prompt the user for permission once per location request. Optionally, the user may allow a site to keep those permissions for one day. When choosing the one-day permission option, the location is available to the site in regular and private mode alike.
Google Chrome and Opera don’t have granular or duration controls in their user interfaces. When a user has chosen to share location data with a site, that site retains the permission forever. Denying will prompt again for the next request from the site. The other browsers all separate between “allow for one session” and “always allow”.
Google Chrome and Firefox will give sites that users have always allowed access to their location even in private mode. This is troublesome in Chrome’s case, since it also defaults to always allowing sites instead of allowing once.
Depending on your web browser of choice, you may not be getting the privacy you were expecting.