[tbb-bugs] #27268 [Applications/Tor Browser]: preferences cleanup
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Oct 11 05:28:06 UTC 2019
#27268: preferences cleanup
--------------------------------------------+--------------------------
Reporter: rzb | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff60-esr, TorBrowserTeam201809 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------------+--------------------------
Comment (by tom):
Replying to [comment:17 Thorin]:
> **RFP Redundant**
> - `dom.enable_resource_timing` & `dom.enable_performance`
> * check with tom, 100% sure this is covered by tom's RFP reduceTimerPrecision prefs
> * not sure if RFP ''overrides'' these: i.e disabling the API vs rounding it: for all I know you might be causing perf issues: ask tom :)
With RFP set, all of these timestamps will be clamped/jittered.
Additionally, RFP has the behavior of setting dom.enable_performance to
false (so you don't need to set that pref.)
However RFP does not have the same behavior for dom.enable_resource_timing
- so you may want to disable that explicitly.
> **RFP Redundant Part 2**
> - **NOTE**: RFP overrides these, some are deprecated AFAICT (e.g vendor), current values are out of sync with ESR68, and maintaining it is extra work
> - `general.appname.override`
> - `general.appversion.override`
> - `general.oscpu.override`
> - `general.platform.override`
> - `general.productSub.override`
> - `general.buildID.override`
> - `general.useragent.vendor`
> - `general.useragent.vendorSub`
Yeah all of these should be deleted from tor's js file. With RFP enabled
they do nothing.
> **RFP Redundant Part 3**: probably changes fingerprint, maybe entropy
> - `dom.netinfo.enabled` - https://bugzilla.mozilla.org/1372072
> * this pref disables the API: you get an error or "undefined"
> * the pref is only default true on mobile: RFP returns "unknown"
> * so removing the pref would create two buckets: mobile vs desktop
RFP ought to return one value for all situations, right? (I have not
verified.)
> - `media.webspeech.synth.enabled` - https://bugzilla.mozilla.org/1333641
> * same thing: disabling vs spoofing
> * needs double checking: but the new FP is universal AFAIK
I don't remember what RFP does to this one.
> - `media.video_stats.enabled` - https://bugzilla.mozilla.org/1369309
> * same thing: disabling vs spoof
> * needs double checking: some RFP values are the same, some are bucketized so **may** create more entropy: check with tom
RFP should give the same results for all users. The value is dependent on
the playback time of the video however. (e.g. you'll get a different
answer for 1 second vs 10 seconds into the video.)
> - `dom.gamepad.enabled` - https://bugzilla.mozilla.org/1337161
> * RFP hides gamepad from content
> * not sure if the FP changes and is universal
Setting this pref to false removes the objects from the DOM; setting RFP
just always reports "No gamepads."
Great list.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27268#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
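
The triage in the comment above, turned into a small prefs-file audit. This is an added example, not part of the original message and not Tor Browser tooling; the sample prefs text is constructed, the function names are hypothetical, and `privacy.resistFingerprinting` is the Firefox pref that "RFP" refers to.

```python
import re

# Buckets follow the comment above; pref lists are copied from the ticket.
REDUNDANT = {  # "With RFP enabled they do nothing", or RFP already sets it
    "general.appname.override", "general.appversion.override",
    "general.oscpu.override", "general.platform.override",
    "general.productSub.override", "general.buildID.override",
    "general.useragent.vendor", "general.useragent.vendorSub",
    "dom.enable_performance",
}
KEEP_EXPLICIT = {"dom.enable_resource_timing"}  # RFP does not disable this one
DISABLE_VS_SPOOF = {  # pref removes the API, RFP spoofs it: review by hand
    "dom.netinfo.enabled", "media.webspeech.synth.enabled",
    "media.video_stats.enabled", "dom.gamepad.enabled",
}
# Matches pref("name", value); at line start, so //-commented prefs are skipped.
PREF_RE = re.compile(r'^[ \t]*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_prefs(text):
    """Return {name: raw_value} for every active pref()/user_pref() line."""
    return {m.group(1): m.group(2) for m in PREF_RE.finditer(text)}

def audit(text):
    """Bucket known prefs; redundancy only holds when RFP is switched on."""
    prefs = parse_prefs(text)
    rfp_on = prefs.get("privacy.resistFingerprinting") == "true"
    report = {"remove": [], "keep": [], "review": [], "missing": []}
    for name in prefs:
        if name in REDUNDANT:
            report["remove" if rfp_on else "keep"].append(name)
        elif name in KEEP_EXPLICIT:
            report["keep"].append(name)
        elif name in DISABLE_VS_SPOOF:
            report["review"].append(name)
    if rfp_on:  # prefs RFP does not cover and the file never sets
        report["missing"] = sorted(KEEP_EXPLICIT - set(prefs))
    return report

SAMPLE = '''// constructed sample, not the real Tor Browser prefs file
pref("privacy.resistFingerprinting", true);
pref("dom.enable_performance", false);
pref("general.oscpu.override", "Windows NT 6.1");
pref("dom.gamepad.enabled", false);
// pref("dom.netinfo.enabled", false);
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The "review" bucket is deliberately not auto-resolved: for those prefs the ticket leaves open whether disabling and spoofing yield the same fingerprint.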