I’m a Qubes-Whonix user. I would like to be able to disable private browsing mode in some of my single-purpose VMs, so that I can quickly restore my previous session including tabs and cookies. By single-purpose VM, I mean I would only use that VM to visit one or two specific sites I visit frequently, and would only use one identity or set of credentials. I would of course leave private browsing mode enabled in VMs that I use for general everyday browsing or sites I don’t visit frequently.
I was wondering what risks might be associated with doing this. For sites where I’m signed in or otherwise identifiable, I don’t think it would create any new risks with regards to pseudonymity, because restoring a session is no less anonymous than signing into the same account every time. Since the VM would only be used for one or a small number of related sites, I don’t think it would create any cross-site fingerprinting risks, possibly except for one important caveat.
In theory, HTTP is a stateless protocol, so closing the browser and then restoring it with the same cookies would, theoretically, appear to the site the same as closing a tab and reopening it, or putting the computer to sleep and then resuming. However there are probably ways sites can differentiate between the two, especially if you’re also restoring tabs and not just cookies.
So I have a feeling this might create a cross-site, cross-VM fingerprint like “tor browser users who have disabled private browsing mode.” If so, this could potentially link your identity between different single-purpose VMs, if the sites collude or load assets from the same entity.
However, I’m wondering whether the risk really important enough to justify the inconvenience of private browsing, and also if there are any other risks I may not of thought of. I’m just looking for second opinions, so any input would be helpful.