Opened 9 years ago

Closed 8 years ago

#2338 closed defect (fixed)

Torbutton doesn't set prefs correctly when started in TBB

Reported by: chuckfrasher
Owned by: mikeperry
Priority: High
Milestone:
Component: TorBrowserButton
Version:
Severity:
Keywords: MikePerryIterationFires20110630
Cc:
Actual Points: 1
Parent ID:
Points: 1
Reviewer:
Sponsor:

Description

I installed the Tor Bundle with Pidgin. I went to this link to see if geolocation in Firefox could show my real location in Firefox.

http://blog.mozilla.com/webdev/2009/05/01/geolocation-in-the-browser/

When I clicked on "Share location" it did not reveal my true location. However, when I refreshed the browser and tried again it *did* give up my exact location. I uninstalled and reinstalled just to make sure and tried again with the same results. If you try it once and then refresh the browser and try again it *does* reveal your true location.

Someone at Wilders Security Forum had posted a way to disable geolocation in Firefox. I typed in about:config in the address bar and toggled geo.enabled to false. This works. However, I am concerned that geolocation is now the biggest threat to anonymity, and for people in China and Iran this could be a nightmare.

I disabled geolocation in Firefox because (A). It is a known feature in Firefox (but that doesn't mean that a hidden geolocation feature cannot be added)....and (B). Someone showed me how to disable it. I'm a tech dummy. I would not have known had someone not shown me.

But I think this is just the beginning of a new threat. But anyway I think maybe that it would be a good idea to disable geolocation by default in the Tor Browser Bundle, and also recommend that people who use the Vidalia Bundle do the same in their Firefox. Thanks, Chuck

Attachments (1)

89ZbEg7r.txt (393 bytes) - added by rransom 9 years ago.
diff -r between TBB and TIMBB for Windows, version 1.3.15


Change History (22)

comment:1 Changed 9 years ago by rransom

Summary: changed from "Geolocation in Tor" to "Geolocation in Tor Browser Bundles"

Which version of Tor Browser Bundle are you using?

comment:2 Changed 9 years ago by phobos

I cannot recreate this with 1.1.1 for linux x86_64. about:config shows geo.enabled;false.

comment:3 Changed 9 years ago by rransom

Priority: changed from normal to blocker
Status: changed from new to assigned
Summary: changed from "Geolocation in Tor Browser Bundles" to "Geolocation is enabled in Tor IM Browser Bundle"

During my first run of Tor IM Browser Bundle (for Windows) version 1.3.15 (confirmed by checking the README file inside the bundle), about:config shows preference geo.enabled set to true, even though Torbutton is installed and Tor is enabled.

geo.enabled is set to false in an installation of Tor Browser Bundle for Windows version 1.3.15 that I have been using; I have not checked that preference in the first run of a new installation.

Changed 9 years ago by rransom

Attachment: 89ZbEg7r.txt added

diff -r between TBB and TIMBB for Windows, version 1.3.15

comment:4 Changed 9 years ago by rransom

I have attached a diff between TBB and TIMBB, both version 1.3.15 for Windows.

I extracted both bundles using the command-line 7z tool on Linux. The SHA256 hashes of the bundles are:

3bb41aac495e8685276d58b078a24865e8c79f13e8701c71427e4f99d741d744 tor-browser-1.3.15_en-US.exe

2b327e6aa30aa7cf14bbc050d38a1460da347b4e9962b860b46e6bff22100a6a tor-im-browser-1.3.15_en-US.exe

geo.enabled remained true the second time I started my test installation of TIMBB.

comment:5 Changed 9 years ago by rransom

Summary: changed from "Geolocation is enabled in Tor IM Browser Bundle" to "Geolocation is enabled in Tor Browser Bundles"

I just extracted a new copy of TBB for Windows 1.3.15, and geo.enabled is set to true in that.

comment:6 Changed 9 years ago by rransom

I had already toggled Torbutton in the TBB I had been using. In a newly extracted TBB, Torbutton shows 'Tor Enabled' in the status bar, but the code that Torbutton is supposed to run when it becomes enabled has never been run. Toggling Torbutton off, then on, in an instance of TBB is sufficient to configure it properly, but most users will not have done that.

katmagic suggested checking the value of network.dns.disablePrefetch; Torbutton set it to true in my used TBB, but it is not present in about:config in my new TBB. At this point, geo.enabled=true is probably the least serious problem in TBB.

katmagic also confirmed that this problem is present in TBB for Linux.

comment:7 Changed 9 years ago by rransom

Also, browser.cache.offline.enable is set to true in TBB until the user toggles Torbutton off, then on (which the user will probably never do).

comment:8 Changed 9 years ago by arma

Component: changed from Tor bundles/installation to Torbutton
Owner: changed from erinn to mikeperry
Priority: changed from blocker to major

Assigning this one as a Torbutton bug -- it looks at first glance like the right fix is for Torbutton to run all the "I just toggled Torbutton on" code when it starts up in the enabled state.

comment:9 Changed 9 years ago by rransom

Editing FirefoxPortable/App/DefaultData/profile/prefs.js to set extensions.torbutton.proxies_applied to false (instead of true, which that file currently sets) fixes this bug, but prevents check.tpo from appearing properly on startup. This change needs to be made in both build-scripts/config/prefs.js and build-scripts/config/linux-prefs.js in the TBB source repository, and possibly other places.

comment:10 Changed 9 years ago by rransom

Priority: changed from major to blocker

I'm setting this bug back to 'blocker' because of the browser.cache.offline.enable issue. That preference alone is a major disaster, since it allows web sites to write 'offline data' to TBB users' disks.

comment:11 Changed 9 years ago by rransom

Status: changed from assigned to needs_review

I've pushed a fix for this to bug2338 ( ssh://mob@repo.or.cz/srv/git/torbrowser/rransom.git bug2338 ). My branch also removes linux-prefs.js, since it is no longer used.

comment:12 Changed 9 years ago by bee

Hi!!!!!!!!!!!!!!!!

Surely, the list of "newest 20 tickets" contains a lot of surprises!!!!!!!

I also tested the TOR BROWSER BUNDLE for LINUX, and the geolocation and browser.cache.offline.enable are enabled!!!!!

That's why i suggest everyone to use my FactorBee!!!!!!!!! You can build it from the source very easily, and it has a lot of very useful scripts to improve the privacy of users!!!!!!!!!! It's a very safe Tor Browser Bundle for linux!!!!!
It has a very safe and working configuration for FireFOX too!!!!!!!! The geolocation and the offline cache are well disabled!!!!!!!!!!!
As phobos said, with TORBrowser Bundles: your mileage may vary!!!!!!!! https://blog.torproject.org/blog/tor-browser-bundle-updates#comment-6074
I suggest to ask to Erinn to manage the software, because i don't know if mikeperry is appropriate!!!!!!!! A lot of time ago, after my advice, Erinn pushed the OpenSSL library into the package, as mikeperry forgot to include it in the Tor Browser Bundle!!!!!!!!
When the official Tor Bundle improves, it actually just copies something from my Tor Browser Bundle!!!!!!!!! Like having Chris's patch applied & removing Polipo!!!!!!!!!!! Or even pushing the Firefox series 3.6.* (the TorProject did this so suddenly without any review of the software!!, but only because Mozilla decided to drop the security and stability updates for FF3.5.*!!!!!!) Anyway, they all were features FactorBee had from ages!!!!!!!!!! So, from one day to another, it's easy to copy good ideas and having a working result!!!!!!! (well, it seems not even so much working after having read of the flaw reported here!!!!!!! lolol!!!!!!!)
YEAH!!!!!!!!!! In the end, FactorBee is the very best and it's the only Tor Browser Bundle (for linux!!!) safe for real!!!!!!!! It was also the first TorBB for linux ever made!!!!!! And i made it!!!!!!!!!!!!!!!!!!!!!!!! VERY GOOD!!!!!!!!!!!

The "ingredient" to have a good Tor Browser Bundle, is to make it with love!!!! And this is something that cannot be copied!!!!!!!!!!

Everything else is, as per phobos, "simply pile together lots of software and assume it is all good"!!!!!!!!!

bye!!!!!!!!!
~bee!!!!!

comment:13 Changed 9 years ago by arma

Summary: changed from "Geolocation is enabled in Tor Browser Bundles" to "Torbutton doesn't set prefs correctly when started in TBB"

Changing trac entry title so Mike will notice it better (I hope).

In the meantime, as I understand it, we can either apply rransom's patch (which will break the loading of the frontpage the first time you run TBB), or we can run TBB twice and then copy the resulting prefs.js into the TBB we ship. Seems like the latter approach is slightly better because it allows the frontpage to still load. But both of them are pretty crappy stopgaps compared to actually fixing Torbutton.

(Any way we look at it, trying to modify the prefs file by hand is a bad idea -- looks like helix tried to fix just the prefs.js entries that were reported, but rransom has already pointed out one that didn't get fixed, and who knows what else there is.)

I guess the challenge Mike is going to have is that he needs to call the 'change firefox's prefs' part of the code without calling the 'cancel javascript timers' part of the code, when Torbutton starts up in enabled mode. I'm not clear on how modular Torbutton is, but if it isn't this modular, that's also something to be fixed.
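
The concern above, that hand-edited prefs.js files miss entries, can be checked mechanically before a bundle ships. The following is an added example, not part of this ticket or of Torbutton's code: it parses a prefs.js and reports the three preferences named in the comments above when they are unset or differ from the values the thread gives for a toggled TBB. The function names and the sample profile are constructed for illustration.

```javascript
// Added example (not Torbutton code): values the thread gives for a toggled TBB.
const EXPECTED = {
  'geo.enabled': false,
  'network.dns.disablePrefetch': true,
  'browser.cache.offline.enable': false,
};
// One user_pref("name", value); statement per line, as Firefox writes prefs.js.
const PREF_LINE = /^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.+?)\s*\)\s*;\s*$/;

// Parse prefs.js text into a Map; a later user_pref() overrides an earlier one.
function parsePrefs(text) {
  const prefs = new Map();
  for (const line of text.split(/\r?\n/)) {
    const m = PREF_LINE.exec(line);
    if (!m) continue; // comments, blank lines, anything unrecognised
    let value;
    try {
      value = JSON.parse(m[2]); // true/false, integers, "strings"
    } catch (e) {
      value = m[2]; // keep the raw token rather than guess its type
    }
    prefs.set(m[1], value);
  }
  return prefs;
}

// Return one finding per expected pref that is unset or holds another value.
// An unset pref falls back to the browser default, so it is reported too.
function auditPrefs(text) {
  const prefs = parsePrefs(text);
  const findings = [];
  for (const [name, want] of Object.entries(EXPECTED)) {
    if (!prefs.has(name)) {
      findings.push({ name, want, got: undefined, reason: 'unset' });
    } else if (prefs.get(name) !== want) {
      findings.push({ name, want, got: prefs.get(name), reason: 'mismatch' });
    }
  }
  return findings;
}

// Constructed sample profile, not taken from a real bundle.
const SAMPLE_PREFS = [
  '# Mozilla User Preferences',
  'user_pref("extensions.torbutton.proxies_applied", true);',
  'user_pref("geo.enabled", true);',
  'user_pref("browser.cache.offline.enable", true);',
].join('\n');

auditPrefs(SAMPLE_PREFS).forEach((f) => console.log(f.name + ': ' + f.reason + ' (want ' + f.want + ')'));
```

A build step could fail the package when `auditPrefs` returns a non-empty list for the profile it is about to ship.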

comment:14 Changed 9 years ago by Sebastian

Sounds like we should try the "run tbb twice and then copy prefs.js into tbb" approach now, to get a quick fix out to users. And once we have an updated Torbutton, we can integrate that in the next regular release to fix it properly and prevent the bug from reappearing.

comment:15 Changed 9 years ago by erinn

I have branch bug_2338 in erinn/torbrowser.git and have uploaded a test package with a fixed prefs.js here:
http://erinn.org/~e/tor-browser_en-US-bug_2338.exe
http://erinn.org/~e/tor-browser_en-US-bug_2338.exe.asc

Please let me know if this is a sufficiently large bandaid until we get a proper fix.

comment:16 in reply to:  15 Changed 9 years ago by rransom

Replying to erinn:

> I have branch bug_2338 in erinn/torbrowser.git and have uploaded a test package with a fixed prefs.js here:
> http://erinn.org/~e/tor-browser_en-US-bug_2338.exe
> http://erinn.org/~e/tor-browser_en-US-bug_2338.exe.asc
>
> Please let me know if this is a sufficiently large bandaid until we get a proper fix.

It works for me.

comment:17 in reply to:  15 Changed 9 years ago by rransom

Replying to erinn:

> I have branch bug_2338 in erinn/torbrowser.git and have uploaded a test package with a fixed prefs.js here:
> http://erinn.org/~e/tor-browser_en-US-bug_2338.exe
> http://erinn.org/~e/tor-browser_en-US-bug_2338.exe.asc

Docs/README-TorBrowserBundle needs a changelog entry for version 1.3.16 before this is released, and the last few entries in it need to have their line endings changed from Unix to DOS/Windows style (preferably by the build process).

comment:18 Changed 9 years ago by rransom

Priority: changed from blocker to major
Status: changed from needs_review to assigned

Reducing priority to 'major', since the TBB disaster has been fixed and this ticket repurposed to a Torbutton feature request.

comment:19 Changed 8 years ago by mikeperry

Component: changed from Torbutton to TorBrowserButton

comment:20 Changed 8 years ago by mikeperry

Keywords: MikePerryIterationFires20110630 added

Whee. Turns out to do #2843 properly, we also have to fix this properly.

comment:21 Changed 8 years ago by mikeperry

Actual Points: 1
Points: 1
Resolution: fixed
Status: changed from assigned to closed

Alright, the fix isn't so hard after all: If tor is enabled at startup, we re-toggle to copy the prefs over, and force load the homepage afterwards. If tor is set to be enabled at startup but was not enabled according to prefs.js, we also reload the homepage after the toggle.

So we should now be handling this bug properly with or without the changes to proxies_applied.

Fix is in origin/master. Will appear in 1.4.0.
