Move all TB Mozilla service calls to .onions

Tor Browser currently pings Mozilla for a (limited) number of things, such as add-on update pings. (At least that's what I'm told, it sounds plausible.)

Mozilla is interested in providing .onions for the endpoints TB uses.

added component::applications/tor browser owner::tbb-team priority::medium severity::normal status::new type::enhancement labels

Trying to build a complete list:

• Add-On Update Check
• NoScript Update Check
• Extension Blacklist

(Filtering about:config for mozilla.org yields a bunch of URLs but most/all(?) of the things are disabled.)

NoScript Update Check should be part of the Add-On update check (called VersionCheck). Does TBB receive OneCRL data from firefox.settings.services.mozilla.com or the AMO Blocklist?

Trac:
Username: julien

As a user... I am very pleased that Mozilla wants to do this!

This is a near-complete list, I think. It does NOT include every place that Tor Browser links to a website, but it hopefully contains every automated behind the scenes call to Mozilla websites and it does include some links also.

• Extension Blacklisting from Mozilla is enabled
• Pref: extensions.blocklist.enabled
• URL: https://blocklist.addons.mozilla.org/
• Extension Updating
• Pref: extensions.update.background.url
• Url: https://versioncheck.addons.mozilla.org
• 'Get Add-Ons' - this happens if you choose that tab in Tor Browser
• Pref: extensions.getAddons.*
• URL: https://services.addons.mozilla.org
• Extension Discovery - not sure what this is
• Pref: extensions.webservice.discoverURL
• https://discovery.addons.mozilla.org/
• Customize -> Themes -> Get More Themes opens a tab with this url
• Pref: lightweightThemes.getMoreURL
• URL: https://addons.mozilla.org/
• There's some stuff about media.gmp* but I'm not sure what this is...
• Firefox Sync
• Left uninvestigated due to the assumption that while I believe you can use this in Tor Browser, that no one does. (and I have no idea how it would behave)
• Devtools
• It appears devtools.devices.url (https://code.cdn.mozilla.net/devices/devices.json) will get downloaded for a database of device information.
• WebIDE will auto-install extensions from https://ftp.mozilla.org/
• In particular I saw devtools.webide.adaptersAddonURL and devtools.webide.adbAddonURL but devtools.webide.simulatorAddonsURL looks like another one
• And templates downloaded from devtools.webide.templatesURL
• OneCRL and other Kinto-based services (This may not be in ESR 45 but will be in 52)
• Services: OneCRL, 'addons', 'gfx', 'plugins'
• OneCRL is certificate blacklisting
• gfx is disabling hardware acceleration for graphics cards or drivers, see https://wiki.mozilla.org/Blocklisting/Graphics
• I am unsure how addon/plugin blacklisting functions here compared to the above blocklist.
• Pref: services.settings.server and services.blocklist.*
• URL: https://firefox.settings.services.mozilla.com/v1
• Example: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/records (I couldn't figure out what a link to an actual data source would be...)
• Crash Reporter and Telemetry are disable

I researched what would happen if Mozilla's blocklist was used against the Tor add-ons. The next restart of Tor Browser would have the add-ons disabled; and browsing would not work, giving an error that the proxy server is refusing connections.

I confirmed that extensions.systemAddons were not enabled. I also put some random other notes in #19048 (moved)

Based off of all of this I am going to propose Mozilla start with one of the following with the choice probably being whichever one is easiest:

• ​https://versioncheck.addons.mozilla.org - This one may be most preferable, as the version check can be initiated by the user, which allows for easy testing.
• https://blocklist.addons.mozilla.org
• https://firefox.settings.services.mozilla.com

Sounds good to me and thanks for the detailed write-up!

After some internal discussion:

• The kinto-based plugin/addon blocking is the 'new way' add-on blocking will be done. They are different views of the same data.
• On Android there is something called the 'bouncer' app, details here: http://gecko.readthedocs.io/en/latest/mobile/android/fennec/bouncer.html
• gmp (Gecko Media Plugin) is for EME. I believe it is a generic extension point and not 'the one single EME' but that EMEs are built to live inside it. I hope we don't have to worry about it because we disable EME
• browser.safebrowsing (aka Shavar) is disabled but would be another thing that polls
• Same with ABSearch and Tiles

Trac:
Username: tokotoko
Cc: N/A to fdsfgs@krutt.org

An onion service for addons.mozilla.org would be awesome, because addons.m.o keeps being the center of attention in various "what if they can mess with the cert" attacks.

Is there any new thinking here? Is somebody waiting for v3 onion services to be a thing? Would they want to set them up with some sort of onionbalance framework, for robustness? It would be nice to have a checklist of desired features/steps, so we can work to check them off, and so we can notice when the list has become empty.

cc'ing dgoulet since last i checked he is the keeper of the "what do we need to do before v3 onion services are at feature parity" list.

Trac:
Cc: fdsfgs@krutt.org to fdsfgs@krutt.org, dgoulet

Replying to arma:

Is there any new thinking here? Is somebody waiting for v3 onion services to be a thing? Would they want to set them up with some sort of onionbalance framework, for robustness? It would be nice to have a checklist of desired features/steps, so we can work to check them off, and so we can notice when the list has become empty.

There is no new thinking, and we are not waiting on any features from Tor on this. It's simply not been something the services team at Mozilla has added to their target list yet.

mentioned in issue #22966 (moved)

moved to tpo/applications/tor-browser#21200 (closed)