Disable pagethumbnails capturing

TB doesn't set this. AFAICT (@fabrizio did some digging) this is only ever exposed in privileged/principal contexts, basically only ever in chrome (and ? activity stream). And AFAICT it is cleared when history is cleared, and also not collected/used in PB mode (but I am not sure). I also know of bugzillas where thumbnails can capture PII (login screens, webcam in use, user handles/names/avatars - true story, I once found a real ID of someone trying to hide, from their unusual avatar using reverse image search).

So kicking this into here for someone else to check, like @pierov 👿 🧀

also may be relevant for privacy browser

user_pref("browser.pagethumbnails.capturing_disabled", true); // [HIDDEN PREF]

Here are some comments from fabrizio

when it collects thumbs

https://searchfox.org/mozilla-central/source/browser/base/content/browser-thumbnails.js#68-84

the logic must be a bit more complex than this, I've seen bugzilla tickets about when and when not to capture (e.g. documents, redirects, pages that have thumbnails already..)

where it stores them

https://searchfox.org/mozilla-central/source/toolkit/components/thumbnails/PageThumbs.jsm#20-23

how are they sanitized

each hour if there are more than 50 thumbnails remove the exceeding ones, otherwise set a certain age: https://searchfox.org/mozilla-central/source/toolkit/components/thumbnails/PageThumbs.jsm#12-18

also sanitized with history or when the page is removed (forget about this site I think): https://searchfox.org/mozilla-central/source/toolkit/components/thumbnails/PageThumbs.jsm#124


some more references for a deeper dive:

a quick look at the uses:

as you can see new tab page, places, ctrl-tab. also this comment and there are more bugzilla on the security aspect.

Edited by Thorin
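One way to check a profile for the two things this issue discusses, whether `browser.pagethumbnails.capturing_disabled` is set and whether captured thumbnails are still on disk. This is an added example, not part of the original issue and not Firefox or Tor Browser code. It assumes thumbnails are PNG files in a `thumbnails` folder under the local profile directory, which on some platforms is a different path from the directory holding `user.js`/`prefs.js`; the sample profile is constructed.

```python
import re
import tempfile
import time
from pathlib import Path

PREF = "browser.pagethumbnails.capturing_disabled"
# Matches an active (not commented-out) user_pref line for PREF.
PREF_RE = re.compile(
    r'^\s*user_pref\("' + re.escape(PREF) + r'",\s*(true|false)\s*\)\s*;', re.M)


def capturing_disabled(profile_dir):
    """True/False if the pref is set in user.js or prefs.js, None if absent.
    user.js is checked first because it overrides prefs.js at startup."""
    for name in ("user.js", "prefs.js"):
        f = Path(profile_dir) / name
        if f.is_file():
            hits = PREF_RE.findall(f.read_text(encoding="utf-8", errors="replace"))
            if hits:
                return hits[-1] == "true"  # last assignment in a file wins
    return None


def audit_thumbnails(local_profile_dir, now=None):
    """Count cached thumbnail PNGs and report the age (days) of the oldest."""
    now = time.time() if now is None else now
    thumbs = Path(local_profile_dir) / "thumbnails"  # assumed directory name
    files = sorted(thumbs.glob("*.png")) if thumbs.is_dir() else []
    oldest = max(((now - p.stat().st_mtime) / 86400 for p in files), default=0.0)
    return {"count": len(files), "oldest_days": round(oldest, 1)}


def build_sample_profile():
    """Constructed sample: pref unset, two leftover thumbnails on disk."""
    root = Path(tempfile.mkdtemp())
    (root / "prefs.js").write_text('user_pref("browser.startup.page", 3);\n')
    (root / "thumbnails").mkdir()
    for name in ("a" * 32, "b" * 32):  # placeholder file names
        (root / "thumbnails" / f"{name}.png").write_bytes(b"\x89PNG\r\n\x1a\n")
    return root


if __name__ == "__main__":
    sample = build_sample_profile()
    print(capturing_disabled(sample), audit_thumbnails(sample))
```

A profile where the pref reads `True` but the count is non-zero still holds thumbnails captured before the pref was applied.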