Bug 42125: Set and lock privacy.resistFingerprinting.exemptedDomains.

Merge Info

Related Issues

• #42125 (closed)
• mullvad-browser#xxxxx
• tor-browser-build#xxxxx

Backporting

Timeline

• Immediate: patchset needed as soon as possible
• Next Minor Stable Release: patchset that needs to be verified in nightly before backport
• Eventually: patchset that needs to be verified in alpha before backport
• No Backport (preferred): patchset for the next major stable

I'm not sure of the timeline.

(Optional) Justification

• Emergency security update: patchset fixes CVEs, 0-days, etc
• Censorship event: patchset enables censorship circumvention
• Critical bug-fix: patchset fixes a bug in core-functionality
• Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
• Sponsor required: patchset required for sponsor
• Localization: typos and other localization changes that should be also in the release branch
• Other: please explain

Merging

• Merge to tor-browser - !fixups to tor-browser-specific commits, new features, security backports
• Merge to base-browser - !fixups to base-browser-specific commits, new features to be shared with mullvad-browser, and security backports
  • NOTE: if your changeset includes patches to both base-browser and tor-browser please clearly label in the change description which commits should be cherry-picked to base-browser after merging

Issue Tracking

• Link resolved issues with appropriate Release Prep issue for changelog generation

Review

Request Reviewer

• Request review from an applications developer depending on modified system:
  • NOTE: if the MR modifies multiple areas, please /cc all the relevant reviewers (since gitlab only allows 1 reviewer)
  • accessibility : henry
  • android : clairehurst, dan
  • build system : boklm
  • extensions : ma1
  • firefox internals (XUL/JS/XPCOM) : jwilde, ma1
  • fonts : pierov
  • frontend (implementation) : henry
  • frontend (review) : donuts, richard
  • localization : henry, pierov
  • macOS : clairehurst, dan
  • nightly builds : boklm
  • rebases/release-prep : dan, ma1, pierov, richard
  • security : jwilde, ma1
  • signing : boklm, richard
  • updater : pierov
  • windows : jwilde, richard
  • misc/other : pierov, richard

/cc @thorin

Change Description

There's a pref to avoid RFP in some domains, and if I get it correctly, it works on wildcards. For the same reasons for which we've locked RFP, we could lock this one (avoid footguns of users not really understanding what it does).

How Tested

Checked that we don't get strange console warnings for setting this pref.

requested review from @ma1

assigned to @pierov

lgtm, thank you.

approved this merge request

@thorin all good for you?

There's also

• privacy.resistFingerprinting.reduceTimerPrecision.jitter
• privacy.resistFingerprinting.reduceTimerPrecision.microseconds

but I'm not sure how they work with RFP. There is/was a pref way to disable this without using RFPTargets - basically tweak the prefs to return 1ms precision

We should check with tom

added 1 commit

• 90689a4b - fixup! Firefox preference overrides.

Compare with previous version

marked this merge request as draft from pierov/tor-browser@90689a4b

marked this merge request as ready

resolved all threads

added 1 commit

• cc1f52a5 - fixup! Firefox preference overrides.

Compare with previous version

marked this merge request as draft from pierov/tor-browser@cc1f52a5

marked this merge request as ready

Approving @thorin's suggestions too

merged

Cherry-picked as ebaa959d and as mullvad-browser@a9cb8355.

Cherry-picked also to the 14.0 series as 8cad63f9, f230a2e9 and mullvad-browser@53f181cb.