Opened 4 years ago

Closed 4 years ago

#16625 closed defect (fixed)

Fully disable Firefox network predictor

Reported by: mikeperry Owned by: mikeperry
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords: tbb-linkability, tbb-5.0a4, ff38-esr, TorBrowserTeam201507, MikePerry201507
Cc: gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


The network predictor (formerly called 'seer') makes preemptive connections to resources in a page based on cached information. It can also do the same when the user hovers over a link.

We should verify that this thing does not actually make full HTTP requests during the hover prefetch, as that could be a linkability issue. The preemptive connections to resources may also subvert our SOCKS username+password isolation.

Child Tickets

Change History (5)

comment:1 Changed 4 years ago by mikeperry

The pref for this is network.predictor.enabled.

comment:2 Changed 4 years ago by mikeperry

Keywords: MikePerry201507 added
Owner: changed from tbb-team to mikeperry
Status: newassigned

comment:3 Changed 4 years ago by gk

Cc: gk added

comment:4 Changed 4 years ago by mikeperry

I looked at the source, and nsIOService::SpeculativeConnect() in combination with IOServiceProxyCallback::OnProxyAvailable() seems to prevent predictions from happening because we have a proxy set. However, the code still seems to create cache entries in about:cache somehow, and disabling the pref prevents that.

It is simple enough to hack the code to actually enable prediction for proxied connections, which I think might be a good idea for us, except that Arthur's OCSP patch doesn't properly carry through the isolation parameters involved in predicted requests, so they would violate our connection isolation. The isolation parameters were similarly not applied in the cached prediction entries, which is also worrisome.

I am going to commit a pref flip to disable prediction entirely, and file a new ticket for fixing prediction and actually enabling it post-5.0. My guess is that in addition to potential isolation issues, it probably will turn up a few fun connection usage edge cases, since it seems that Mozilla likely has never even tested it with proxy support enabled.

comment:5 Changed 4 years ago by mikeperry

Resolution: fixed
Status: assignedclosed
Summary: Verify network predictor doesn't introduce linkabilityFully disable Firefox network predictor

Ok, I filed #16633 to re-enable this. I also pushed the pref flip already for 5.0a4.

Note: See TracTickets for help on using tickets.