Make e10s/non-e10s Tor Browsers indistinguishable

Just citing gk:

e10s in its current form probably brings some fingerprinting risks with it. e.g. users of accessibility tools won't have e10s enabled on Windows and macOS at least. Windows XP users with D3D9 support neither. mcs and brade found that showModalDialog() is not available when e10s is enabled etc.

added TorBrowserTeam201802R component::applications/tor browser ff52-esr ff60-esr-will-have owner::tbb-team priority::medium resolution::fixed severity::normal status::closed tbb-backported tbb-fingerprinting tbb-no-uplift type::defect labels

users of accessibility tools not only those users, but Also, on a Microsoft Surface Pro / Windows 10 that with a11y enabled: <Multiprocess Windows 0/1 Dissabled by accesibility tools>. https://bugzilla.mozilla.org/show_bug.cgi?id=1329752#c26 a11y enabled by default on all touch screens.

Backport removal of window.showModalDialog https://bugzilla.mozilla.org/show_bug.cgi?id=981796

Set dom.disable_window_showModalDialog to true to fix the obvious part of this ticket without patching.

Trac:
Status: new to needs_review

Replying to cypherpunks:

Set dom.disable_window_showModalDialog to true to fix the obvious part of this ticket without patching.

But that prevents the parent process from using that feature as well, right? Do we have some estimate about what that would break? (We'd need a patch for actual review)

Trac:
Status: needs_review to needs_information

It is for non-e10s only. As you see it is already disabled in e10s and removed in upstream. Some legacy things would break in non-e10s, but that's not what we should take care of. (So you want the backported patch to remove it completely, but it looks better to keep the pref, if somebody would complain.)

Trac:
Status: needs_information to new

Here is a patch! I hope everything is fine.

Trac:
Status: new to needs_review

Trac:
0001-Bug22614-Make-e10s-non-e10s-Tor-Browsers-indistingui.patch

Trac:
Keywords: N/A deleted, TorBrowserTeam201802R added

r=mcs The patch looks good to me and it seems to work. I tested it on macOS and, with or without e10s enabled, calling window.showModalDialog() generates a TypeError: window.showModalDialog is not a function exception.

Thanks for testing, mcs. Applied to tor-browser-52.6.0esr-8.0-2 (commit a91cf5fa9be89c32948f72b87819ff08c43a360e).

Trac:
Status: needs_review to closed
Resolution: N/A to fixed

mcs mentioned this fix will no longer be needed in TBB/ESR60 because of the patches landed in https://bugzilla.mozilla.org/show_bug.cgi?id=981796

Trac:
Keywords: N/A deleted, tbb-no-uplift added

Trac:
Keywords: N/A deleted, ff60-esr-obsolete added

This ticket was filed to investigate the differences between modes, but closed as fixed without mentioning the results of it. What was found during RFP project?

Replying to arthuredelstein:

mcs mentioned this fix will no longer be needed in TBB/ESR60 because of the patches landed in https://bugzilla.mozilla.org/show_bug.cgi?id=981796 Not comment:2? Does upstream team agree with your ff60-esr-obsolete or can prove ff60-esr-will-have?

Trac:
Keywords: ff60-esr-obsolete deleted, tbb-backport, ff60-esr-will-have added

Backported to tor-browser-52.8.0esr-7.5-1 (commit deaa82b4f8ab411198ca300f614df3970221455e). Should be available in 7.5.4.

Trac:
Keywords: tbb-backport deleted, tbb-backported added

Replying to cypherpunks:

This ticket was filed to investigate the differences between modes, but closed as fixed without mentioning the results of it. What was found during RFP project?

Replying to arthuredelstein:

mcs mentioned this fix will no longer be needed in TBB/ESR60 because of the patches landed in https://bugzilla.mozilla.org/show_bug.cgi?id=981796 Not comment:2? Does upstream team agree with your ff60-esr-obsolete or can prove ff60-esr-will-have?

I think ESR60 is different enough that we could think about filing a new ticket thinking about the remaining things to do wrt to e10s/non-e10s fingerprintability, if there are any left at all.

For anyone else who might land here wondering what //"e10s"// is: It's short for //"Electrolysis"//, which is [multi-process architecture work].

Not to be confused with [the process by which electricity is applied to e.g. separate elements].

Trac:
Cc: N/A to dmr

closed

moved to tpo/applications/tor-browser#22614 (closed)