Opened 4 years ago

Closed 4 years ago

#16316 closed task (fixed)

Disable New Tiles feature in Tor Browser based on ESR 38

Reported by: gk Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords: ff38-esr, tbb-linkability, tbb-5.0a3-essential, tbb-pref, TorBrowserTeam201507R, MikePerry201507
Cc: mcs Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

On about:newtab are now shown tiles with affiliate links that are fetched from Mozilla's infrastructure and pings containing detailed data about which tiles have been seen are sent back. See: https://bugzilla.mozilla.org/show_bug.cgi?id=1042214#c33 for more detailed information.

We should avoid all these things although our default Private Browsing Mode with no history being enabled might mitigate the tracking risks.

https://bugzilla.mozilla.org/show_bug.cgi?id=1073823 contains a way turning that feature off and https://bugzilla.mozilla.org/show_bug.cgi?id=1030832 is the meta bug. https://bugzilla.mozilla.org/show_bug.cgi?id=1030832#c6 is interesting and we want to keep an eye on this as "a website defining own enhanced tiles via a meta tag" sounds potentially dangerous to me.

Child Tickets

Change History (9)

comment:1 Changed 4 years ago by mcs

Cc: mcs added

To disable the "enhanced" tiles, I think we can set browser.newtabpage.enhanced = false.
See: https://bugzilla.mozilla.org/show_bug.cgi?id=1042214#c34
I am not sure what our policy should be about Firefox's efforts to include ads like these (I doubt this will be their last such effort). But the tracking that advertisers always demand is probably unacceptable for Tor Browser, at least in its default configuration.

comment:2 Changed 4 years ago by gk

comment:3 Changed 4 years ago by mikeperry

Keywords: tbb-5.0a3-essential tbb-pref MikePerry201506 added

I think given the potential confusion around this feature, it is probably worth disabling these tiles in 5.0a3 even if they are not yet based on any personalized recommendations, at least until we better understand the exact nature of these tiles, and can articulate a clear position on the exact behavior.

comment:4 Changed 4 years ago by mikeperry

Resolution: fixed
Status: newclosed

I pushed the pref to disable tiles for now, and filed #16443 to audit the full feature in FF45-esr.

comment:5 Changed 4 years ago by mikeperry

Keywords: TorBrowserTeam201507 added; MikePerry201506 removed
Resolution: fixed
Status: closedreopened

anonym noted that the tiles are still in fact enabled in 5.0a3. We need to set one more pref:
16:18 < anonym> the Tiles are still fetched in a completely vanilla linux64 Tor Browser 5.0a3-build5 :/
16:19 < anonym> I've noticed that setting browser.newtabpage.directory.source = "" makes the Tiles empty, and nothing is fetched

comment:6 Changed 4 years ago by mcs

The code that is causing trouble is a combination of _setDefaultEnhanced(), here:
http://mxr.mozilla.org/mozilla-esr38/source/browser/modules/DirectoryLinksProvider.jsm#138
(which is called at init time) and the pref observer that is in that same module:
http://mxr.mozilla.org/mozilla-esr38/source/browser/modules/DirectoryLinksProvider.jsm#155

Since at first there is no user pref value in Tor Browser, _setDefaultEnhanced() when called at init time sets browser.newtabpage.enhanced = true. If you then set browser.newtabpage.enhanced = false (e.g., via about:config), the user pref value disappears because the browser default pref value is already false in Tor Browser 5.0a3. And then when the pref. observer is invoked it calls _setDefaultEnhanced(), which determines that there is no user value and therefore sets the pref. back to true for you. How unpleasant.

comment:7 Changed 4 years ago by mikeperry

Keywords: TorBrowserTeam201507R MikePerry201507 added; TorBrowserTeam201507 removed
Status: reopenedneeds_review

Ok. How about we just avoid all of this mess and make about:tor be our newtab page as well, then?

I just pushed mikeperry/bug16316 with this change, and also a change to remove the source and ping urls for this newtab business, lest they get loaded in the background.

Leaving this as needs_review in case anyone objects to making about:tor our new tab page for now.

comment:8 in reply to:  7 Changed 4 years ago by mcs

Replying to mikeperry:

Leaving this as needs_review in case anyone objects to making about:tor our new tab page for now.

I think this is OK. I would prefer about:blank as the new tab page (less distracting) but I am biased because that is how I configure my own browsers.

Does setting the .source and .ping prefs to "" cause more noise to appear on the error console?

comment:9 Changed 4 years ago by mikeperry

Resolution: fixed
Status: needs_reviewclosed

Ok, I think I agree about about:tor being non-ideal. Also, disabling the newtab tiles completely is bad for people who store disk records. Also, yes, blank entries caused error console noise.

I set these fetch urls to data uris and fixed the check in browser/modules/DirectoryLinksProvider.jsm and pushed this for 5.0-next. It seems to preserve the old 'classic' about:newtab behavior now, with disk records either enabled or disabled. Closing.

Note: See TracTickets for help on using tickets.