Investigate and neuter fingerprinting potential of Permissions API

The Permissions API is now enabled in Firefox 52. We should come up with a plan to neuter its fingerprinting potential and implement it for Tor Browser 7.0:

https://bugzilla.mozilla.org/show_bug.cgi?id=1221106 https://bugzilla.mozilla.org/show_bug.cgi?id=1233702 (removes the associated pref) https://developer.mozilla.org/en-US/docs/Web/API/Permissions_API https://w3c.github.io/permissions/

added TorBrowserTeam201705R component::applications/tor browser ff52-esr owner::arthuredelstein priority::high resolution::fixed severity::normal sponsor::4 status::closed tbb-7.0-must-alpha tbb-linkability type::task labels

Trac:
Keywords: N/A deleted, tbb-7.0-must added

Getting those tickets on our March radar as well.

Trac:
Keywords: N/A deleted, TorBrowserTeam201703 added

Moving tickets over to April

Trac:
Keywords: TorBrowserTeam201703 deleted, TorBrowserTeam201704 added

Trac:
Cc: N/A to arthuredelstein

Trac:
Status: new to accepted
Owner: tbb-team to arthuredelstein

Getting more tickets on our alpha radar.

Trac:
Keywords: tbb-7.0-must deleted, tbb-7.0-must-alpha added

Moving the investigation tickets to higher priority.

Trac:
Priority: Medium to High

Here's my patch for review. I am applying first-party isolation to the Permission Manager: https://github.com/arthuredelstein/tor-browser/commits/21569

Trac:
Keywords: TorBrowserTeam201704 deleted, TorBrowserTeam201704R added
Status: accepted to needs_review

Kathy and I started to review this but got stuck on a couple of things:

• Where is the file file_firstPartySpecial.html?
• Should the commented out lines (e.g., for geolocation) be removed from browser_permissions.js?
• PrincipalOriginAttributes::StripUserContextId() is now an empty function. Is that correct?

Trac:
Status: needs_review to needs_information

Moving review tickets to May.

Trac:
Keywords: TorBrowserTeam201704R deleted, TorBrowserTeam201705R added

Replying to mcs:

Kathy and I started to review this but got stuck on a couple of things:

• Where is the file file_firstPartySpecial.html?
• Should the commented out lines (e.g., for geolocation) be removed from browser_permissions.js?
• PrincipalOriginAttributes::StripUserContextId() is now an empty function. Is that correct?

Thanks for noticing these things. I have cleaned them up now. Here's the new version: https://github.com/arthuredelstein/tor-browser/commit/21569+4

Note here I am enabling isolation of permissions both by first party domain and container ID. As Tor Browser doesn't use containers, the change to container behavior should have no effect. But I took this approach (changing both things) because it makes writing a test with Mozilla's existing isolation test framework straightforward. If Mozilla decides to apply first-party isolation to permissions, but not to apply it to containers, then they will need to modify the framework. (Although my recommendation would be to isolate permissions by containers as well.)

Trac:
Status: needs_information to needs_review

r=brade, r=mcs Kathy and I are far from experts on this aspect of Firefox, but the patches look good and we successfully ran the tests on OSX. We also ran the tests without the other portion of the patch and saw that 2 tests failed due to lack of isolation (as expected).

Looks good to me. I cherry-picked this on tor-browser-52.1.0esr-7.0-2 (commit d8b12ca703cd530b5c7684be00d5979fb1543705).

Trac:
Resolution: N/A to fixed
Status: needs_review to closed

Trac:
Keywords: N/A deleted, tbb-linkability added

Closed #20317 (moved) as duplicate.

closed

moved to tpo/applications/tor-browser#21569 (closed)