Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Tor Browser Tor Browser
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 828
    • Issues 828
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 4
    • Merge requests 4
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Applications
  • Tor BrowserTor Browser
  • Issues
  • #40783
Closed
Open
Issue created Jan 18, 2022 by Pier Angelo Vendrame@pierovMaintainer128 of 154 checklist items completed128/154 checklist items

Review 000-tor-browser.js and 001-base-profile.js for 102

browser/app/profile/000-tor-browser.js may contain some old stuff that we could/should remove.

Also do any work outlined in #32759

001-base-profile.js

Convention: bold = we need to follow up.

  • intl.locale.requested
  • browser.search.update
  • browser.rights.3.shown
    • Remove! 😈️ (see comments)
  • startup.homepage_welcome_url, startup.homepage_welcome_url.additional
    • S131 might be interested
  • browser.aboutwelcome.enabled
  • startup.homepage_override_url
  • app.update.promptWaitTime
  • app.update.staging.enabled
  • browser.slowStartup.{notificationDisabled,maxSamples,samples}
    • Remove! 😈️ (see comments)
  • browser.disableResetPrompt
  • browser.privatebrowsing.autostart
  • browser.cache.disk.enable
  • permissions.memory_only
  • network.cookie.lifetimePolicy
  • security.nocertdb
  • dom.storage.next_gen
    • Remove! 😈️
  • browser.download.useDownloadDir
    • Remove the related checkbox? --> #40656
  • browser.download.manager.addToRecentDocs
  • signon.rememberSignons
    • Remove the related checkbox? --> #40656
  • browser.formfill.enable
    • Remove the related checkbox? --> #40656
  • signon.autofillForms
    • Remove the related checkbox? --> #40656
  • browser.sessionstore.privacy_level
  • browser.privatebrowsing.forceMediaMemoryCache
  • media.memory_cache_max_size
  • dom.security.https_only_mode
    • Add reference to the issue
  • dom.security.https_only_mode.upgrade_onion
    • Move to 000-tor-browser.js
    • Add reference to the issue
  • security.ssl.require_safe_negotiation
  • security.ssl3.dhe_rsa_aes_128_sha, security.ssl3.dhe_rsa_aes_256_sha, security.ssl3.ecdhe_ecdsa_aes_256_sha, security.ssl3.ecdhe_ecdsa_aes_128_sha, security.ssl3.ecdhe_rsa_aes_128_sha, security.ssl3.ecdhe_rsa_aes_256_sha, security.ssl3.rsa_aes_128_sha, security.ssl3.rsa_aes_256_sha
  • browser.send_pings
    • https://kb.mozillazine.org/Browser.send_pings
    • Still a thing, didn't even know about this thing from the specs
  • geo.enabled
    • Completely disable geolocation
    • Even part of legal terms!
    • Usage is through static prefs
  • geo.provider.network.url
    • Still used, but not sure we have a good reason to reassign it, since we are disabling geolocation in general (defense in depth?)
    • Keep it, or delete it?
      • My resolution: be coherent with the rest and keep it
  • browser.search.suggest.enabled
    • Still used, and synchronized with about:preferences#search (remove it from there?) --> #40656
  • browser.safebrowsing.*
    • All of them are still used
    • There are also additional preferences browser.safebrowsing.provider.* with URLs, see modules/libpref/init/all.js
      • Like geo.provider.network.url confuses me a little bit
  • extensions.ui.lastCategory
    • Still used, but I don't have a clue on why we use it, especially since when you go to about:addons you override it.
    • To be checked again
  • datareporting.healthreport.uploadEnabled and datareporting.policy.dataSubmissionEnabled
    • Used also in DisableTelemetry in browser/components/enterprisepolicies/Policies.jsm!
    • that function also sets toolkit.telemetry.archive.enabled, should we add it, too?
      • "This can only be enabled if unified is on."
      • My resolution: add it
  • toolkit.telemetry.unified, toolkit.telemetry.enabled, toolkit.telemetry.updatePing.enabled
    • Still used, see https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/internals/preferences.html
    • That document contains a few preferences for GeckoView.
      • It is especially about the streaming API, which is an alternative mode to the regular one, disabling it doesn't seem to disable telemetry
      • My resolution: ignore them
  • default-browser-agent.enabled (Windows only)
    • Seems to be still used, and it's telemetry for engagement/marketing purposes: it checks users' default choices, even though they aren't Firefox.
    • It is also disk leak, since it schedules as a Windows task, and it needs to copy data to the registry!
  • identity.fxaccounts.enabled
    • Disables Firefox account/sync. Still many occurrences in the code.
  • services.sync.engine.*
    • Still used, but there are a few new preferences:
      • services.sync.engine.bookmarks
      • services.sync.engine.history
      • services.sync.engine.passwords
      • services.sync.engine.addresses
      • services.sync.engine.creditcards
    • They are synchronized with a sync.inc.xhtml panel, which we should be sure it is disabled
    • Should we keep them, and add the new ones, even though we find it's possible to completely opt out the synchronization with a more generic pref (like identity.fxaccounts.enabled)?
      • As usual, is it to be seen as a defense in depth?
      • My resolution: add them for now, and remove them in the future, if we decide we don't actually need them
  • browser.region.network.scan
    • "Include wifi data in region request."
    • Already disabled by default, but being explicit here seems a good idea
  • browser.region.network.url, browser.region.update.enabled
    • Still used, but unlike the previous ones, have other defaults
    • toolkit/modules/Region.jsm also contains browser.region.local-geocoding (already false), should we add it explicitly?
      • My resolution: yes add it
  • browser.tabs.remote.separatedMozillaDomains
    • Allows Mozilla-controlled webpages to access privileged features. Still used and we need to keep it empty.
    • See https://firefox-source-docs.mozilla.org/dom/ipc/process_model.html#privileged-mozilla-content
  • browser.urlbar.dnsResolveSingleWordsAfterSearch
    • "Did you mean to go to $host?"
    • https://firefox-source-docs.mozilla.org/browser/urlbar/preferences.html
    • Is S131 browser expected to be able to access the LAN? In case we might move this to Tor Browser-only.
      • Beware of possible fingerprinting: this question is asked with a notification box, which will make the letterbox change (related: #41433 (closed))
  • messaging-system.rsexperimentloader.enabled
    • Still used in toolkit/components/nimbus/lib/RemoteSettingsExperimentLoader.jsm
    • The same file also has app.shield.optoutstudies.enabled, should we add it?
      • They are used in the same if in init
      • My resolution: added, to be coherent with other prefs
      • Notice that you don't enable opting out, if you want to opt out you have to set it false 😐️
      • Anyway, it's already false currently, so yet another defense in depth
  • trailhead.firstrun.branches
    • Remove! 😈️ (see comments)
  • browser.newtabpage.activity-stream.asrouter.userprefs.cfr.{addons,features}
    • See above, too
  • network.trr.resolvers
    • Seems an old preference, and new network.trr.* exist, including one to set https://mozilla.cloudflare-dns.com/dns-query as the default TRR provider (see StaticPrefLiast.yaml`)
    • Compare with Firefox 78 and #40048 (closed).
    • My resolution: changed to network.trr.default_provider_uri
  • network.trr.exclude-etc-hosts
    • Still used, but we should explain why false actually is the right value for us
  • security.pki.crlite_mode
    • Might be interesting, though. The problem is telemetry/downloads from Mozilla (see #40048 (closed))
  • signon.management.page.breach-alerts.enabled
    • "Firefox displays critical alerts in the Lockwise password manager when a website is breached." (#40048 (closed))
    • Still used, disabled to prevent sending telemetry/data to Mozilla
  • extensions.fxmonitor.enabled
    • Old pref for Firefox 78 (#40048 (closed)), used in browser/components/fxmonitor/FirefoxMonitor.jsm, but then disabled in https://bugzilla.mozilla.org/show_bug.cgi?id=1696550 and removed in https://bugzilla.mozilla.org/show_bug.cgi?id=1712838
    • Remove! 😈️
  • signon.management.page.mobileAndroidURL and signon.management.page.mobileAppleURL
    • Part of lockwise ⚰, removed with b67b6138
    • Remove! 😈️
  • signon.recipes.remoteRecipes.enabled
    • Still used
  • dom.serviceWorkers.enabled and dom.push.enabled
    • Still used
  • webgl.disable-fail-if-major-performance-caveat, webgl.enable-webgl2
    • Still used
    • How do they help against fingerprinting?
  • gfx.downloadable_fonts.fallback_delay
    • #27258 (closed)
  • browser.startup.homepage_override.buildID
    • How does it help against fingerprinting? I guess it was added to the user-agent back then, but now Firefox always show the spoofed date. Or is it used also for telemetry?
    • We have a patch to browser/components/BrowserContentHandler.jsm realted to this pref (the updater). Shall we review it?
    • modules/libpref/Preferences.cpp contains a list of preferences that are fingerprintable, and therefore removed from child processes, should we have a look at them, too (especially extensions.lastAppBuildId).
  • browser.link.open_newwindow.restriction
    • Bug #9881 (closed): Open popups in new tabs (to avoid fullscreen popups)
    • https://kb.mozillazine.org/Browser.link.open_newwindow.restriction
    • Still valid
  • media.benchmark.vp9.threshold
    • "Set video VP9 to 0 for everyone (bug #22548 (closed))"
      • Is this still a valid reason?
    • Used as a static pref
  • dom.enable_resource_timing
    • "Bug #13024 (closed): To hell with this API"
      • Luckily enough timings are much more limited as a default, and 8 years ago was before spectre/meltdown. Check again the status of this, and add more reasons for which we should keep this?
    • Used as a static pref
  • privacy.resistFingerprinting
    • Lol. We should move this as the first one of the category?
    • My resolution: done it
  • privacy.resistFingerprinting.block_mozAddonManager
    • Thanks Mozilla 🙂 .
  • dom.webaudio.enabled
    • #13017 (closed)
    • Still used, also as a static pref
    • S131: what are the relations between this and WebRTC?
  • dom.webmidi.enabled
    • Done for 102 in #41398 (closed).
  • dom.w3c_touch_events.enabled
    • WIP, see #28535
  • dom.vr.enabled
    • Still valid; false by default also in Firefox (see StaticPrefList.yaml), but we disabled it explicitly in case Mozilla enabled it without us noticing.
      • Not reviewed, too, probably
    • #21607
  • security.webauth.webauthn
    • Reference: #26614, but if I understand correctly, this has never been audited! Disabled because we didn't audit, but then now followed up
      • Possible problem: we don't want this for Android because it depends on a proprietary dependency (that however might be replaced with a GPLv3 one)
    • In any case, the preference is still valid
  • dom.postMessage.sharedArrayBuffer.withCOOP_COEP
    • Still valid (used as a static pref)
    • Can we open #40016 again? I'm not satisfied by the way it was closed.
      • Maybe related: #17412 (closed), but problems might have been solved, see MDN
      • Also related: #40177 (closed)
  • security.remote_settings.intermediates.enabled
    • Still used. Interestingly enough, this is true by default only on Android
    • Disabled in #30682 (closed), but gk opened #40099 to follow up
  • dom.use_components_shim
    • Wow, Components.interfaces for sites is still a thing on Firefox 🙈
    • Related: legacy/trac#2874 (closed)
  • privacy.resistFingerprinting.letterboxing 🙂
  • dom.netinfo.enabled
    • Change the comment as Thorin suggested 🙂
    • The default is also false
  • network.http.referer.defaultPolicy
    • It sets the value that is already the default, but it does it only for non-PBM sessions (it takes for granted that PBM also has the same value). The reason was that it hasn't always been the default, see (#32948 (closed)).
    • Should we explicitly tell to do so in all modes? Or at least, should we update the description to tell it's a defense in depth?
      • My resolution: yes
  • network.http.referer.XOriginTrimmingPolicy
    • Recently updated, see #17228 (closed).
  • media.videocontrols.picture-in-picture.enabled
    • Disabled only because not yet audited
    • See #40147 and #40148 (closed)
  • network.http.referer.hideOnionSource
    • Move to 000-tor-browser.js
    • Original issue: #22320 (closed)
  • network.http.windows-sso.enabled
    • #40463 (closed)
    • We should remove the related checkbox in about:preferences --> #40656
  • dom.enable_event_timing
    • #40383 (closed)
    • Minimum is 16ms and rounded by 8ms; if we decided that we lost the war against time measurements we could even re-enable this.
  • dom.textMetrics.actualBoundingBox.enabled, dom.textMetrics.baselines.enabled, dom.textMetrics.emHeight.enabled, dom.textMetrics.fontBoundingBox.enabled
    • Not sure of the original issue, but it seems it arrived with 91.2 ESR update. In any case, it's enough obvious why we need them 😉
  • pdfjs.enableScripting
    • Added recently (#40424 (closed)), we should add the reference also to the file
  • javascript.options.large_arraybuffers
    • #40177 (comment 2758404)
    • Basically, don't expose 32-bit. Unless there's another way to do so now.
  • browser.display.use_system_colors
    • Added recently, but might need more work in the future, see #40057
  • privacy.firstparty.isolate
  • privacy.partition.network_state
    • #40308 (comment 2723512)
    • Check again and/or update the comment
  • network.cookie.cookieBehavior and network.cookie.cookieBehavior.pbmode
  • network.predictor.enabled
    • temporarily disabled #16633 (closed) and #21657
  • privacy.purge_trackers.enabled
    • Update the issue number to the correct one (#40220 (closed))
    • Check what GeckoView does (see the issue)
    • Not sure on why we don't want this...
  • network.dns.disablePrefetch
    • Do we need also network.dns.disablePrefetchFromHTTPS?
      • My resolution: yes, even policies disable both
  • network.protocol-handler.*
    • More details in #25559 (comment 2846617)
  • network.proxy.allow_bypass
  • network.http.tailing.enabled
  • network.http.http2.*
  • network.gio.supported-protocols
    • Add the reference to the bug number (#23044 (closed))
  • media.peerconnection.enabled
    • S131: This is for WebRTC, should we move it to Tor Browser?
  • media.gmp-provider.enabled, media.gmp-manager.url.override and media.gmp-manager.updateEnabled
    • They are okay, but we might use them for S131 stuff, so we should add them to our notes somewhere
    • There's also a related ticket: #15910 (add it to the pref file - added)
  • browser.eme.ui.enabled, media.gmp-widevinecdm.visible, media.gmp-widevinecdm.enabled, media.eme.enabled, media.mediadrm-widevinecdm.visible
    • All still used, but to track for S131, too
    • However, I wouldn't remove them and add them back to Tor Browser, I would keep them and then remove in S131's branch, so that base-browser remains unencumbered
  • devtools.webide.autoinstallADBExtension, devtools.webide.enabled
    • Remove! 😈️ (see comments, basically webide isn't a thing anymore)
  • devtools.debugger.chrome-debugging-host
  • network.file.disable_unc_paths
  • network.file.path_blacklist
    • Cannot find our related issue, but found c6cbbca9. However, everything is explained in Bugzilla (and wow, I didn't know about file:///net).
  • svg.disabled
  • mathml.disabled
  • svg.context-properties.content.allowed-domains
  • security.ssl.enable_false_start
    • Still a thing, but I think we could review the TLS preferences
    • Couple of related issues: #18274 (closed) #28536 (closed)
  • network.http.connection-retry-timeout
    • We set 0, which means "do not use a second connection"
    • Only Tor Browser, if still needed (see legacy/trac#7656 (closed))
      • Moved, and follow up in the performance issue (#32759)
  • network.manage-offline-status
    • To avoid phoning home? I found the related bug #18945 (closed), but not the exact reason.
  • network.captive-portal-service.enabled and network.connectivity-service.enabled
    • Still used, and okay both for Tor Browser and base-browser. S131 might want something different, and maybe customize network.connectivity-service.IPv{4,6}.url
  • dom.push.serverURL
    • Add the reference to the issue (#18801 (closed))
  • extensions.autoDisableScopes
    • "If the add-on is a foreign install and is in a scope where add-ons that were dropped in should default to disabled then disable it"
    • We use scope 0, i.e., we don't disable any addon (why? Is this because of HTTPS-E ⚰ and NoScript?)
  • extensions.bootstrappedAddons
    • Already obsolete in 68 (#30845 (closed)).
  • extensions.checkCompatibility.4.*
    • Remove! 😈️
  • extensions.databaseSchema
    • It's still recognized, for XPI stuff... But why are we using it? I'd like to remove it, if possible.
  • extensions.enabledScopes
    • We allow also SCOPE_APPLICATION, is it for NoScript? Default scope is profile, otherwise, but I am not sure on how the whole thing works, since Mozilla bundles addons, after all, like the screenshots
  • extensions.pendingOperations
    • This is used by Firefox to do things, why are we setting its default, that Firefox will change it anyway?
  • extensions.getAddons.showPane, extensions.htmlaboutaddons.recommendations.enabled
    • Still used, the former has even a policy
  • extensions.webextensions.restrictedDomains
    • I'd like a second audit on it, opened an issue to follow-up (#41445)
  • extensions.postDownloadThirdPartyPrompt
    • Show the prompt to install addons even though they are "recommended by Mozilla"
    • Recommended by Thorin in #40177 (closed)
  • intl.multilingual.downloadEnabled
  • browser.uiCustomization.state
    • #13318 (closed), #13378 (closed), #16510 (closed)
  • security.cert_pinning.enforcement_level
  • security.osclientcerts.autoload
    • Great move: #33534 (comment 2683533)
  • security.family_safety.mode
  • security.enterprise_roots.enabled
  • security.certerrors.mitm.priming.enabled
  • gfx.offscreencanvas.domain-enabled, gfx.offscreencanvas.domain-allowlist
  • browser.share_menu.allow
  • browser.urlbar.suggest.topsites
  • browser.urlbar.update1.{interventions,searchTips}
    • Remove! 😈️ (see comments)
  • corroborator.enabled
    • Add the reference to the issue (#40048 (closed))
  • taskbar.grouping.useprofile
    • "If marked as such in prefs, use a hash of the profile path for the id instead of the install path hash setup by the installer."
    • S131 might want a different value (provided it's still useful, after we disable the items)
  • browser.taskbar.lists.enabled, browser.taskbar.lists.frequent.enabled, browser.taskbar.lists.tasks.enabled, browser.taskbar.lists.recent.enabled
    • Good, but for ESR115 we'll have to test the new things about private mode that arrived recently

000-tor-browser.js

  • app.update.notifyDuringDownload
  • app.update.url.manual
  • app.update.url.details
  • app.update.badgeWaitTime
  • app.releaseNotesURL
  • app.releaseNotesURL.aboutDialog
  • app.feedback.baseURL
  • browser.shell.checkDefaultBrowser
  • network.proxy.socks
  • network.proxy.socks_port
  • network.proxy.socks_remote_dns
  • network.proxy.no_proxies_on
  • network.proxy.allow_hijacking_localhost
  • network.proxy.type
  • network.proxy.failover_direct
    • Used as a static pref
  • network.security.ports.banned
  • network.dns.disabled
  • network.http.max-persistent-connections-per-proxy
  • browser.uiCustomization.state
    • Should we make sure it's only in one place? I.e., delete the one from 001-base-profile.js once we add the one in 000-tor-browser.js? (but I haven't compared them, yet)
  • browser.uiCustomization.state
  • network.http.http3.enabled
  • torbrowser.version
  • Review the old torbutton/torlauncher preferences (we have another issue for that)
Edited Nov 16, 2022 by Pier Angelo Vendrame
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking