Opened 21 months ago

Last modified 3 months ago

#21549 new task

Investigate wasm for linkability/fingerprintability/disk avoidance issues

Reported by: gk Owned by: tbb-team
Priority: Very High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff60-esr, TorBrowserTeam201809
Cc: dmr, mcs, brade Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by dmr)

In order to avoid the asm.js disaster we should investigate whether wasm complies with our design requirements. It got enabled in Firefox 52 but re-disabled in ESR 52.

Child Tickets

Change History (14)

comment:1 Changed 21 months ago by cypherpunks

Keywords: ff52-esr removed

status-firefox-esr52: disabled
https://bugzilla.mozilla.org/show_bug.cgi?id=1342060#c23
But, please, don't postpone such tasks to the next esr.

comment:2 Changed 21 months ago by gk

Keywords: ff59-esr added
Sponsor: Sponsor4

If we get earlier to it fine with me. But that needs to get addressed latest with the switch to esr59. Addjusting the key words and sponsor field.

comment:3 Changed 10 months ago by gk

Keywords: ff60-esr added; ff59-esr removed

Firefox 60 is the new ESR.

comment:4 Changed 5 months ago by gk

Keywords: TorBrowserTeam201807 added
Priority: MediumHigh

comment:5 Changed 4 months ago by gk

Keywords: TorBrowserTeam201808 added; TorBrowserTeam201807 removed

Move our tickets to August.

comment:6 Changed 3 months ago by gk

Priority: HighVery High

comment:7 Changed 3 months ago by gk

I think we can disable WASM for 8.0 until we are sure we are good here. If we happen to do the analysis and proper patches earlier, great.

comment:8 Changed 3 months ago by dmr

Cc: dmr added

comment:9 in reply to:  1 Changed 3 months ago by dmr

Description: modified (diff)

Replying to cypherpunks:

status-firefox-esr52: disabled
https://bugzilla.mozilla.org/show_bug.cgi?id=1342060#c23
But, please, don't postpone such tasks to the next esr.

Indeed disabled in esr52.
pref javascript.options.wasm

More details (beyond the comment):
https://bugzilla.mozilla.org/show_bug.cgi?id=1342440
https://hg.mozilla.org/releases/mozilla-esr52/rev/e07850f191a0

Changing the description so that others don't need to read comments to know about this.

comment:10 Changed 3 months ago by gk

Cc: mcs brade added
Keywords: TorBrowserTeam201808R added; TorBrowserTeam201808 removed
Status: newneeds_review

Let's disable it for now until we are confident we can enable it and let it govern by the security slider. See: bug_21549 (https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_21549&id=19ad2e4d07a06e529920f082eb7d5fdd87e380d4) in my public tor-browser repository.

comment:11 Changed 3 months ago by mcs

r=mcs, r=brade
Looks good to us.

comment:12 Changed 3 months ago by gk

Keywords: TorBrowserTeam201808 added; TorBrowserTeam201808R removed
Status: needs_reviewnew

Thanks. Cherry-picked to tor-browser-60.1.0esr-8.0-1 (commit 3c6862f6cc8a7dc59b9eba41638100638ecb33b0). Setting back to new for the investigation part.

comment:13 Changed 3 months ago by reportUrl

Is this enough after tiering was enabled?
https://bugzilla.mozilla.org/show_bug.cgi?id=1277562

comment:14 Changed 3 months ago by gk

Keywords: TorBrowserTeam201809 added; TorBrowserTeam201808 removed

Moving our tickets to September 2018

Note: See TracTickets for help on using tickets.