Opened 4 years ago

Closed 4 years ago

Last modified 22 months ago

#16528 closed defect (fixed)

TorBrowser 5.0a3 acting very odd with e.g. Twitter due to IndexedDB

Reported by: erinn Owned by: mikeperry
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: TorBrowserTeam201507R, ff38-esr, tbb-usability-website, GeorgKoppen201507R, tbb-5.0a4, MikePerry201507
Cc: gk, mcs Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I'm experiencing numerous problems with Twitter's web interface with the latest alpha version of TorBrowser. I haven't seen this on other websites so I'll enumerate issues here:

  • keyboard shortcuts (e.g., opening a tab with ctrl-t, saving a bookmark with ctrl-d) don't work while in the twitter tab but work elsewhere
  • images aren't displayed
  • trending topics & follow suggestions aren't displayed
  • twitter doesn't automatically load/queue new tweets

All of these sound like JS issues, but even whitelisting twitter.com and twimg.com in NoScript didn't seem to make a difference.

Child Tickets

Change History (22)

comment:1 Changed 4 years ago by Diapolo

I can confirm this is a problem for me, too.

  • pictures in Tweets are not shown
  • I'm unable to show the context menu via right clicking in the Twitter site
  • old Tweets are not loading when scrolling to the end of the shown tweets

I'm on Windows using TB 5.0a3 (based on Mozilla Firefox 38.1.0).

As an addition, I'm not using NoScript and disabling all addons doesn't solve these problems!

Last edited 4 years ago by Diapolo (previous) (diff)

comment:2 Changed 4 years ago by ln5

I too can confirm trouble with Twitter, on a 32bit linux system.

In addition, another JS-heavy site that I'm using for banking doesn't work any more. Specifically, "drop down menus" don't drop down any more on mouse over. (Sorry for inprecise language.)

comment:3 Changed 4 years ago by mikeperry

Keywords: TorBrowserTeam201507 ff38-esr tbb-5.0a tbb-usability-website added
Priority: normalmajor

comment:4 Changed 4 years ago by mikeperry

This appears to due to an error with how a script that is crucial to twitter's page handling is checking for/attempting to use IndexedDB (which we disable).

If I set the about:config pref 'dom.indexedDB.enabled' to true, twitter *appears* to work much better for me. Can anyone confirm that this fixes all issues for them, or if any still remain?

comment:5 in reply to:  4 Changed 4 years ago by ln5

Replying to mikeperry:

If I set the about:config pref 'dom.indexedDB.enabled' to true, twitter *appears* to work much better for me. Can anyone confirm that this fixes all issues for them, or if any still remain?

This fixes all my observed issues.

comment:6 Changed 4 years ago by mikeperry

Summary: TorBrowser 5.0a3 acting very odd with TwitterEnable IndexedDB (for Twitter and other sites)

I think it is actually fine if we enable IndexedDB. I spent some time looking into it, and due to https://bugzilla.mozilla.org/show_bug.cgi?id=595307 and https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API/Using_IndexedDB#Security, IndexedDB is disabled for third parties. This means we don't have to isolate it to enable it.

We will want to ensure the following:

  1. IndexedDB data is cleared on New Identity. Right now, we don't do anything explicit for this, but it may get cleared automatically during cookie clearing. We should verify that.
  2. IndexedDB data can't get written to disk if we're in private browsing modes.

Unfortunately, it seems as though flipping the pref doesn't actually properly enable IndexedDB. This test reports tons of errors: http://nparashuram.com/IndexedDBShim/test. Still investigating.

comment:7 Changed 4 years ago by mikeperry

Aha, it looks as though IndexedDB is also disabled in private browsing modes: https://bugzilla.mozilla.org/show_bug.cgi?id=781982. Interestingly, it's disabled in a different way than flipping that pref, which seems good enough for us I guess?

Unfortunately, if you enable disk records/disable private browsing, New Identity does not clear IndexedDB.

comment:8 Changed 4 years ago by mikeperry

Holy crap. It seems like there really is no easy way to clear indexedDB data in Firefox at all. Not through Clear Private Data, or anything else. In fact, the only code I could find that deals with IndexedDB supercookies at all is https://addons.mozilla.org/en-US/firefox/addon/mozcleaner/, and that actually removes the sqllite files and other info right off the filesystem. It also says that this is unstable (probably because the browser caches open file handles to the sqlite stores, etc).

Damn...

comment:9 Changed 4 years ago by mikeperry

Summary: Enable IndexedDB (for Twitter and other sites)TorBrowser 5.0a3 acting very odd with Twitter due to IndexedDB

I am not sure if enabling indexedDB is the right move now. I am thinking it might be better to remove the pref checks in IDBFactory::CreateForWindow() and IDBFactory::CreateForMainThreadJSInternal(), so that the behavior for private browsing mode and the pref is identical (due to the checks in FactoryOp::CheckPermission()).

This should still fix twitter and ln5's bank, and is probably a better option than trying to write a bunch of code to clear indexedDB state at this point.

comment:10 Changed 4 years ago by Diapolo

Setting 'dom.indexedDB.enabled' to true fixes all observed problems with Twitter for me. I'm not using TB in private mode, as I'm fine with the browser storing stuff on my disk currently.

comment:11 Changed 4 years ago by mikeperry

To people who have set the pref - you are very vulnerable to SuperCookie tracking. There is *no way* to delete IndexedDB storage. We do not do it on New Identity, and Firefox's Clear Private Data does not do it either.

This is actually happening on a lot more sites, too. It turns out every site that uses the Modernizr feature detection library is broken with this pref flipped. Should be considered a Modernizr bug, but I bet a lot of people sites have pinned their Modernizr versions.

comment:12 Changed 4 years ago by mikeperry

Keywords: TorBrowserTeam201507R added; TorBrowserTeam201507 removed
Status: newneeds_review

I have a fix for this that works for me by changing the failure mode of IndexedDB when the pref is flipped to match the failure mode for Private Browsing Mode. This patch may cause issues with e10s when we switch to ff45, and could also use another set of eyes now, too.

See https://gitweb.torproject.org/user/mikeperry/tor-browser.git/commit/?h=bug16528.

comment:13 Changed 4 years ago by gk

Cc: gk added
Keywords: GeorgKoppen201507R added

comment:14 Changed 4 years ago by mcs

Cc: mcs added

comment:15 Changed 4 years ago by mikeperry

Keywords: tbb-5.0a4 added; tbb-5.0a removed

Tag some 5.0a4 goals.

comment:16 Changed 4 years ago by mikeperry

Keywords: MikePerry201507 added
Owner: changed from tbb-team to mikeperry
Status: needs_reviewassigned

comment:17 Changed 4 years ago by mikeperry

Status: assignedneeds_review

comment:18 Changed 4 years ago by gk

Looks good to me. I am wondering why they have these checks at all if everything has to go through CheckPermission() anyway. This worries me. I tried to find that out but did not succeed. The only thing I found was https://bugzilla.mozilla.org/show_bug.cgi?id=1079355#c2 which is a more general remark.

comment:19 in reply to:  18 Changed 4 years ago by mcs

Replying to gk:

Looks good to me. I am wondering why they have these checks at all if everything has to go through CheckPermission() anyway. This worries me. I tried to find that out but did not succeed. The only thing I found was https://bugzilla.mozilla.org/show_bug.cgi?id=1079355#c2 which is a more general remark.

Kathy and I also looked at Mike's patch and we think it is OK. But we agree with gk that it is difficult to determine why Mozilla implemented the permission checks the way they did.

comment:20 Changed 4 years ago by mikeperry

Resolution: fixed
Status: needs_reviewclosed

Ok, I merged this for 5.0a4. At some point we should contact Mozilla about what a mess IndexedDB has become in general after the e10s rewrite, and ask them about the patch. Probably after Aug 11th, when we push to upstream our patches again.

comment:21 Changed 4 years ago by gk

Summary: TorBrowser 5.0a3 acting very odd with Twitter due to IndexedDBTorBrowser 5.0a3 acting very odd with e.g. Twitter due to IndexedDB

#16708 is a duplicate.

comment:22 in reply to:  12 Changed 22 months ago by cypherpunks

Severity: Normal

Replying to mikeperry:

I have a fix for this that works for me by changing the failure mode of IndexedDB when the pref is flipped to match the failure mode for Private Browsing Mode. This patch may cause issues with e10s when we switch to ff45, and could also use another set of eyes now, too.

See https://gitweb.torproject.org/user/mikeperry/tor-browser.git/commit/?h=bug16528.

Any issues with e10s?
Seems the corresponding Mozilla bug is https://bugzilla.mozilla.org/show_bug.cgi?id=781982

Last edited 22 months ago by cypherpunks (previous) (diff)
Note: See TracTickets for help on using tickets.