Disable pagethumbnails capturing

TB doesn't set this. AFAICT (@fabrizio did some digging) this is only ever exposed in privileged/principal contexts, basically only ever in chrome (and ? activity stream). And AFAICT it is cleared when history is cleared, and also not collected/used in PB mode (but I am not sure). I also know of bugzillas where thumbnails can capture PII (login screens, webcam in use, user handles/names/avatars - true story, I once found a real ID of someone trying to hide, from their unusual avatar using reverse image search)

So kicking this into here for someone else to check, like @pierov 👿 🧀

also may be relevant for privacy browser

user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]

Here are some comments from fabrizio

when it collects thumbs

https://searchfox.org/mozilla-central/source/browser/base/content/browser-thumbnails.js#68-84

the logic must be a bit more complex than this, I've seen bugzilla tickets about when and when not to capture (eg. documents, redirects, pages that have thumbnails already..)

where it stores them

https://searchfox.org/mozilla-central/source/toolkit/components/thumbnails/PageThumbs.jsm#20-23

how are they sanitized

each hour if there are more than 50 thumbnails remove the exceeding ones, otherwise set a certain age: https://searchfox.org/mozilla-central/source/toolkit/components/thumbnails/PageThumbs.jsm#12-18

also sanitized with history or when the page is removed (forget about this site I think): https://searchfox.org/mozilla-central/source/toolkit/components/thumbnails/PageThumbs.jsm#124

some more references for a deeper dive:

a quick look at the uses:

as you can see new tab page, places, ctrl-tab. also this comment and there are more bugzilla on the security aspect.

Edited by Thorin