Opened 3 weeks ago

Closed 3 weeks ago

Last modified 2 weeks ago

#28507 closed defect (fixed)

TBA: Set privacy preferences

Reported by: igt0 Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-mobile, tbb-disk-leak, TorBrowserTeam201811R
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor: Sponsor8

Description

All the privacy.clearOnShutdown.* used on Desktop doesn't work on mobile(Currently, we are violating the disk avoidance property).
On mobile we need to use the privacy.clear flag with the following attributes:

private.data.openTabs
private.data.history
private.data.searchHistory
private.data.downloadFiles
private.data.formdata
private.data.cookies_sessions
private.data.cache
private.data.offlineApps
private.data.siteSettings
private.data.syncedTabs
private.data.passwords

Child Tickets

Change History (18)

comment:1 Changed 3 weeks ago by igt0

Component: - Select a componentApplications/Tor Browser
Owner: set to tbb-team
Severity: NormalCritical

comment:2 Changed 3 weeks ago by sysrqb

Isn't this why we set the GeckoPreferences prefs? Or, is this not working?

https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-60.3.0esr-8.5-1&id=312abcdb8d1dc2238296efb170a8b4af9db18c77

https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-60.3.0esr-8.5-1&id=ebf9fc1ac446a70aa2025ebe4696a8cc5fdce525

Also, I think we decided we don't want to clear downloads on exit because this is the same behavior as desktop.

comment:3 Changed 3 weeks ago by gk

Keywords: tbb-mobile added
Priority: MediumHigh
Severity: CriticalNormal

comment:4 Changed 3 weeks ago by gk

Keywords: tbb-disk-leak added

comment:5 in reply to:  2 Changed 3 weeks ago by igt0

Looking the:

https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-60.3.0esr-8.5-1&id=ebf9fc1ac446a70aa2025ebe4696a8cc5fdce525

And the code that uses it. Android just updates the prefs when the user manually clicks in the "Set" button. We can use the distribution preferences to forcefully update them.

However, we have other problem. If the user closes the browser without clicking in the quit button in the TBA menu, the sanitize method in the browser.js is not called and the TBA doesn't delete any session information.

Replying to sysrqb:

Isn't this why we set the GeckoPreferences prefs? Or, is this not working?

https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-60.3.0esr-8.5-1&id=312abcdb8d1dc2238296efb170a8b4af9db18c77

https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-60.3.0esr-8.5-1&id=ebf9fc1ac446a70aa2025ebe4696a8cc5fdce525

Also, I think we decided we don't want to clear downloads on exit because this is the same behavior as desktop.

comment:6 Changed 3 weeks ago by igt0

Status: newneeds_review

comment:7 Changed 3 weeks ago by sysrqb

This may be a silly question, but can you simply refactor the quitAndClear() method into a quit() and clearPrivateData()? And then call clearPrivateData() in onCreate()?

comment:8 in reply to:  7 Changed 3 weeks ago by igt0

I update the code:

Bug 28507: Parse a set of strings in Android Set Preferences
https://trac.torproject.org/projects/tor/attachment/ticket/28507/0001-Bug-28507-Parse-a-set-of-strings-in-Android-Set-Pref.patch

Bug 28507: Add prefs that allow the browser to delete browsing history by default
https://trac.torproject.org/projects/tor/attachment/ticket/28507/0002-Bug-28507-Add-prefs-that-allow-the-browser-to-delete.patch

Bug 28507: Implement fallback to delete private data in the browser startup
https://trac.torproject.org/projects/tor/attachment/ticket/28507/0003-Bug-28507-Implement-fallback-to-delete-private-data-.patch

quitAndClear and the clear private data logic are different because we are calling different events Browser:Quit and Sanitize:ClearData, respectively. That said, I created a new java method that builds the arguments used by both methods.

Replying to sysrqb:

This may be a silly question, but can you simply refactor the quitAndClear() method into a quit() and clearPrivateData()? And then call clearPrivateData() in onCreate()?

comment:9 Changed 3 weeks ago by sysrqb

Great, thanks! 0003 looks better now - that's what I imagined.

Really, this seems like an upstream bug. Changing the Distribution-specific code doesn't seem like the correct way we should handle this.

I still need to test these patches, but they look okay.

comment:10 Changed 3 weeks ago by gk

Keywords: TorBrowserTeam201811R added

comment:11 Changed 3 weeks ago by gk

Hm, for some reason the preferences.json file is not visible in the .apk. I have the same issue with #27111 but I am quite sure that it at some point got included (I even have a .apk lying around that shows this). I need to debug this first before making progress on this bug...

comment:12 in reply to:  11 Changed 3 weeks ago by gk

Replying to gk:

Hm, for some reason the preferences.json file is not visible in the .apk. I have the same issue with #27111 but I am quite sure that it at some point got included (I even have a .apk lying around that shows this). I need to debug this first before making progress on this bug...

I guess setting TB_BUILD_WITH_DISTRIBUTION fell through the cracks while transitioning to tor-browser-build...

comment:13 Changed 3 weeks ago by gk

I pushed a fixup commit to tor-browser-builds master branch that cases care of the TB_BUILD_WITH_DISTRIBUTION issue (commit f38b27734129d7a83f068e09ea1a1d07327622f5).

comment:14 Changed 3 weeks ago by gk

Resolution: fixed
Status: needs_reviewclosed

Looks okay to me. I pushed the patches to tor-browser-60.3.0esr-8.5-1 (commits b03bfc5100f3d255ae0116ab18653759f87fe241, 57ef4c8201764f36e50347e913825c99ba2dc8bd, and 977e468c7f83b78cf920a7aa4943147eda195c45).

I agree with sysrqb that we should file an upstream bug for that and get it properly fixed. igt0 could you do that?

I am not sure yet what "ideally" exactly means in this case but I feel looking at the other Tor Browser platforms something like when I close the session my private data is gone sounds like a good idea. What is Fennec's PBM on Android doing here?

comment:15 Changed 2 weeks ago by pili

Sponsor: Sponsor8
Note: See TracTickets for help on using tickets.