TBA: Set privacy preferences

All the privacy.clearOnShutdown.* used on Desktop doesn't work on mobile(Currently, we are violating the disk avoidance property). On mobile we need to use the privacy.clear flag with the following attributes:

private.data.openTabs
private.data.history
private.data.searchHistory
private.data.downloadFiles
private.data.formdata
private.data.cookies_sessions
private.data.cache
private.data.offlineApps
private.data.siteSettings
private.data.syncedTabs
private.data.passwords

added TorBrowserTeam201811R component::applications/tor browser owner::tbb-team priority::high resolution::fixed severity::normal sponsor::8 status::closed tbb-disk-leak tbb-mobile type::defect labels

Trac:
Component: - Select a component to Applications/Tor Browser
Owner: N/A to tbb-team
Severity: Normal to Critical

Isn't this why we set the GeckoPreferences prefs? Or, is this not working?

https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-60.3.0esr-8.5-1&id=312abcdb8d1dc2238296efb170a8b4af9db18c77

https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-60.3.0esr-8.5-1&id=ebf9fc1ac446a70aa2025ebe4696a8cc5fdce525

Also, I think we decided we don't want to clear downloads on exit because this is the same behavior as desktop.

Trac:
Keywords: N/A deleted, tbb-mobile added
Severity: Critical to Normal
Priority: Medium to High

Trac:
Keywords: N/A deleted, tbb-disk-leak added

Looking the:

https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-60.3.0esr-8.5-1&id=ebf9fc1ac446a70aa2025ebe4696a8cc5fdce525

And the code that uses it. Android just updates the prefs when the user manually clicks in the "Set" button. We can use the distribution preferences to forcefully update them.

However, we have other problem. If the user closes the browser without clicking in the quit button in the TBA menu, the sanitize method in the browser.js is not called and the TBA doesn't delete any session information.

Replying to sysrqb:

Isn't this why we set the GeckoPreferences prefs? Or, is this not working?

https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-60.3.0esr-8.5-1&id=312abcdb8d1dc2238296efb170a8b4af9db18c77

https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-60.3.0esr-8.5-1&id=ebf9fc1ac446a70aa2025ebe4696a8cc5fdce525

Also, I think we decided we don't want to clear downloads on exit because this is the same behavior as desktop.

Trac:
0001-Bug-28507-Parse-a-set-of-strings-in-Android-Set-Pref.patch

Trac:
0002-Bug-28507-Add-prefs-that-allow-the-browser-to-delete.patch

Bug 28507: Parse a set of strings in Android Set Preferences https://trac.torproject.org/projects/tor/attachment/ticket/28507/0001-Bug-28507-Parse-a-set-of-strings-in-Android-Set-Pref.patch

Bug 28507: Add prefs that allow the browser to delete browsing history by default https://trac.torproject.org/projects/tor/attachment/ticket/28507/0002-Bug-28507-Add-prefs-that-allow-the-browser-to-delete.patch

Bug 28507: Implement fallback to delete private data in the browser startup https://trac.torproject.org/projects/tor/attachment/ticket/28507/0003-Bug-28507-Implement-fallback-to-delete-private-data-.patch

Trac:
Status: new to needs_review

This may be a silly question, but can you simply refactor the quitAndClear() method into a quit() and clearPrivateData()? And then call clearPrivateData() in onCreate()?

Trac:
0003-Bug-28507-Implement-fallback-to-delete-private-data-.patch

I update the code:

Bug 28507: Parse a set of strings in Android Set Preferences https://trac.torproject.org/projects/tor/attachment/ticket/28507/0001-Bug-28507-Parse-a-set-of-strings-in-Android-Set-Pref.patch

Bug 28507: Add prefs that allow the browser to delete browsing history by default https://trac.torproject.org/projects/tor/attachment/ticket/28507/0002-Bug-28507-Add-prefs-that-allow-the-browser-to-delete.patch

Bug 28507: Implement fallback to delete private data in the browser startup https://trac.torproject.org/projects/tor/attachment/ticket/28507/0003-Bug-28507-Implement-fallback-to-delete-private-data-.patch

quitAndClear and the clear private data logic are different because we are calling different events Browser:Quit and Sanitize:ClearData, respectively. That said, I created a new java method that builds the arguments used by both methods.

Replying to sysrqb:

This may be a silly question, but can you simply refactor the quitAndClear() method into a quit() and clearPrivateData()? And then call clearPrivateData() in onCreate()?

Great, thanks! 0003 looks better now - that's what I imagined.

Really, this seems like an upstream bug. Changing the Distribution-specific code doesn't seem like the correct way we should handle this.

I still need to test these patches, but they look okay.

Trac:
Keywords: N/A deleted, TorBrowserTeam201811R added

Hm, for some reason the preferences.json file is not visible in the .apk. I have the same issue with #27111 (moved) but I am quite sure that it at some point got included (I even have a .apk lying around that shows this). I need to debug this first before making progress on this bug...

Replying to gk:

Hm, for some reason the preferences.json file is not visible in the .apk. I have the same issue with #27111 (moved) but I am quite sure that it at some point got included (I even have a .apk lying around that shows this). I need to debug this first before making progress on this bug...

I guess setting TB_BUILD_WITH_DISTRIBUTION fell through the cracks while transitioning to tor-browser-build...

I pushed a fixup commit to tor-browser-builds master branch that cases care of the TB_BUILD_WITH_DISTRIBUTION issue (commit f38b27734129d7a83f068e09ea1a1d07327622f5).

Looks okay to me. I pushed the patches to tor-browser-60.3.0esr-8.5-1 (commits b03bfc5100f3d255ae0116ab18653759f87fe241, 57ef4c8201764f36e50347e913825c99ba2dc8bd, and 977e468c7f83b78cf920a7aa4943147eda195c45).

I agree with sysrqb that we should file an upstream bug for that and get it properly fixed. igt0 could you do that?

I am not sure yet what "ideally" exactly means in this case but I feel looking at the other Tor Browser platforms something like when I close the session my private data is gone sounds like a good idea. What is Fennec's PBM on Android doing here?

Trac:
Status: needs_review to closed
Resolution: N/A to fixed

Trac:
Sponsor: N/A to Sponsor8

closed

mentioned in issue #28513 (moved)

mentioned in issue #30239 (moved)

mentioned in issue #30573 (moved)

moved to tpo/applications/tor-browser#28507 (closed)

mentioned in issue tpo/applications/tor-browser#28513 (closed)