Opened 2 years ago

Last modified 19 months ago

#22814 assigned defect

Disable clipboard.autocopy in Tor Browser

Reported by: pqrst Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Major Keywords: tbb-pref, tbb-easy
Cc: fdsfgs@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

On Linux Mint KDE (and possibly other distros) clicking with the mouse wheel on an empty (non-linked) area of a web page in Firefox will take you back to a previously closed page.

This also works if the page was in an already closed private window.

It also works if the page was in a TOR Browser instance after doing "create new identity".

Most hilariously, it is possible to reopen a closed page from before an identity change in a separate instance of normal Firefox.

Changing clipboard.autocopy to false in about:config stops this behavior.

In my opinion this is a highly questionable "feature" under any circumstances, but in the context of TOR Browser this should be considered a major security risk. Please disable this option by default.

This behavior is present in TOR Browser 7.0.2 on Linux Mint 18.2, but I have observed it in several older versions of both TOR Browser and Mint going back several years.

Child Tickets

Change History (16)

comment:1 Changed 2 years ago by cypherpunks

I absolutely second this, besides the obvious security concerns, it's utterly annoying to see it happen.

comment:2 Changed 2 years ago by arma

For those of us who don't have a mouse wheel, can you explain what it's actually doing?

Is that the same as "middle mouse click" on X?

So your issue is that when you middle click, you had highlighted a URL before, and you're unhappy that X remembers the text that you had highlighted?

If that's what's going on, I think disabling "you can conveniently copy and paste stuff in the browser and in the rest of your applications" would be a huge lose for usability.

comment:3 Changed 2 years ago by arma

If the above is what this ticket is about, see also #10089.

comment:4 Changed 2 years ago by pqrst

Clicking with the scroll wheel on a link is how I usually open a link in a new tab (it's probably the same as a middle mouse click). BTW, this is also why I encounter the above issue in practice: if I miss the link or click on a non-linked area that I expected to be a link, I get redirected to some random page that I browsed previously. Instead, I would expect nothing to happen if I middle-click on something that can't be opened in a new tab, so this is sort of annoying in any case.

In the case of TOR Browser this is more than just annoying, since it periodically causes me to accidentally reopen pages in normal Firefox that I may not want to have my ip to be associated with. Even if someone does find the above feature convenient, I would say that security takes precedence in this case.

When this occurs, I did not explicitly copy the link in question. It is possible that I selected it for the purpose of deleting the old address and navigating to a new page. If this is what causes the link to be autocopied to the clipboard, I suggest that this be disabled as well: TOR Browser imposes far worse inconveniences on the user than having to explicitly Ctrl-C when you actually want to copy something.

And yes, this does sound related to #10089.

comment:5 Changed 2 years ago by pqrst

At the very least, the clipboard should be cleared as part of "new identity", although disabling autocopy entirely would make more sense IMO.

comment:6 Changed 2 years ago by cypherpunks

Summary: Disable clipboard.autocopy in TOR BrowserDisable clipboard.autocopy in Tor Browser

It's Tor, not TOR.

comment:7 in reply to:  6 Changed 2 years ago by pqrst

Point taken :)

comment:8 Changed 2 years ago by pqrst

Here is a more complete description of what is happening:

  1. You are viewing a website Foo in Tor Browser. You now want to navigate to site Bar. Instead of opening a new tab, you select the old URL (foo.com) in the address bar, delete it and enter bar.com instead. If clipboard.autocopy is enabled in the configuration (which it is by default), this will copy foo.com to the clipboard.
  1. You are done looking at Bar and create a new identity in Tor Browser in order to clean up your browsing session. foo.com is still on the clipboard (although it will be cleared if Tor Browser is closed completely).
  1. In a separate non-Tor Firefox window you middleclick on something that is not a link (I do this by accident quite often). If middlemouse.contentLoadURL is enabled (which it is by default), this will cause Firefox to load the URL currently on the clipboard (foo.com). This means that your IP address is revealed to foo.com, and the fact that you visited foo.com is revealed to your ISP and anyone looking over your shoulder.

Apparently this is a general Firefox on UNIX issue that has been debated for 11 years: https://bugzilla.mozilla.org/show_bug.cgi?id=366945 . It appears that some people actually consider this a feature.

My recommendations are:

  1. Make clipboard.autocopy false by default. This is an OK behavior for mainline Firefox, but in Tor Browser it is a security concern. Especially since many (most?) users don't even know that everything that is selected with the mouse, even just for the purpose of deleting it, automatically ends up on the clipboard. Users who use this feature often can manually enable it in the configuration.
  2. Clear the clipboard when creating a new identity.

I would also argue that middlemouse.contentLoadURL should be disabled by default, but that's a separate issue.

comment:9 Changed 2 years ago by cypherpunks

Clearing the clipboard when creating a new identity seems a bit excessive especially in cases where its contents wasn't set by Tor Browser in the first place. This behavior would also add a side effect to Tor Browser that affects the entire OS.

The other suggestions are better because they reduce (instead of increase) the amount of interaction that Tor Browser has with the OS which is IMO the way to go.

comment:10 Changed 22 months ago by cypherpunks

Clearing the *clipboard* when creating a new identity seems excessive. Clearing the *primary selection* (if Tor Browser currently owns it) when creating a new identity seems highly sensible. Users expect the primary selection to be ephemeral.

comment:11 Changed 22 months ago by cypherpunks

Digging a little more into this, it's not clear whether "clipboard.autocopy" actually does anything.

http://kb.mozillazine.org/Clipboard.autocopy states:

In Linux and some UNIX-like platforms, selecting text will automatically copy the contents of the selection to the clipboard. Mozilla also follows this convention on these platforms. This preference controls that behavior.

Whoever wrote this doesn't know what they're talking about (or, at best, is using really misleading terminology.) On X, the standard convention is that selecting text automatically places it into the PRIMARY selection. The CLIPBOARD selection, in contrast, functions like the system clipboard on Windows/Mac, and is normally only set when you press Ctrl+C or similar.

Moreover, I don't see any difference in behavior here:

  • in Tor Browser with clipboard.autocopy set to true, selecting text sets the PRIMARY selection and doesn't affect the CLIPBOARD;
  • in Tor Browser with clipboard.autocopy set to false, selecting text sets the PRIMARY selection and doesn't affect the CLIPBOARD.

comment:12 Changed 22 months ago by cypherpunks

Keywords: TorBrowserTeam201709R added
Status: newneeds_review

Mozilla finally decided to fix this 11 year old bug report and set middlemouse.contentLoadURL to false in Firefox 57: https://bugzilla.mozilla.org/show_bug.cgi?id=366945

I think it would be nice if someone from the TB team backports this easy patch,

diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -4256,7 +4256,6 @@ pref("browser.drag_out_of_frame_style", 
 
 // Middle-mouse handling
 pref("middlemouse.paste", true);
-pref("middlemouse.contentLoadURL", true);
 pref("middlemouse.openNewWindow", true);
 pref("middlemouse.scrollbarPosition", true);
 
@@ -4319,7 +4318,6 @@ pref("browser.drag_out_of_frame_style", 
 
 // Middle-mouse handling
 pref("middlemouse.paste", true);
-pref("middlemouse.contentLoadURL", true);
 pref("middlemouse.openNewWindow", true);
 pref("middlemouse.scrollbarPosition", true);

It handles Android as well

comment:13 Changed 22 months ago by gk

Owner: changed from tbb-team to gk
Status: needs_reviewassigned

This is about disabling clipboard.autocopy. Let's have the middle-mouse behavior in #10089.

comment:14 Changed 22 months ago by gk

Keywords: TorBrowserTeam201709R removed
Owner: changed from gk to tbb-team

comment:15 Changed 21 months ago by tokotoko

Cc: fdsfgs@… added

comment:16 Changed 19 months ago by cypherpunks

Keywords: tbb-pref tbb-easy added
Note: See TracTickets for help on using tickets.