Opened 7 months ago

Last modified 2 months ago

#30682 new enhancement

Adapt Intermediate Preloading for Tor Browser

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff78-esr
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor: Sponsor44-can

Description

Child Tickets

Change History (5)

comment:1 Changed 7 months ago by tom

My initial thought is we should disable it unless we can bundle all the intermediates in TB. I am uncomfortable having TB doing kinto requests to Mozilla that disclose any data about the user's state, even if it's disclosing very minimal information over tor: https://groups.google.com/forum/#!searchin/mozilla.dev.platform/intermediate|sort:date/mozilla.dev.platform/ATbLAQpWLXE/F0MpR2wFBgAJ

comment:2 Changed 4 months ago by pili

Sponsor: Sponsor44-can

Adding Sponsor 44 to ESR68 tickets

comment:3 Changed 3 months ago by acat

We could place the bundle in services/settings/dumps/main/ (https://searchfox.org/mozilla-esr68/rev/8d7d1cd37b45b4cb0a512234537d0e950d30a547/services/common/docs/RemoteSettings.rst#154) but I think that to use it while avoiding the remote fetch/sync would require some patching.

comment:4 Changed 2 months ago by acat

It seems we do not have to worry about this for esr68, since the feature is only enabled if MOZ_NEW_CERT_STORAGE=1 (https://searchfox.org/mozilla-esr68/rev/4fc15df791ad4d3ceaf1a958af2bfc1252433ca8/services/common/blocklist-clients.js#268), which is currently enabled only on Firefox Nightly. And I don't think we want to enable it while it's not even in latest Firefox (69 at the time of writing).

comment:5 in reply to:  4 Changed 2 months ago by gk

Keywords: ff78-esr added; ff68-esr removed

Replying to acat:

It seems we do not have to worry about this for esr68, since the feature is only enabled if MOZ_NEW_CERT_STORAGE=1 (https://searchfox.org/mozilla-esr68/rev/4fc15df791ad4d3ceaf1a958af2bfc1252433ca8/services/common/blocklist-clients.js#268), which is currently enabled only on Firefox Nightly. And I don't think we want to enable it while it's not even in latest Firefox (69 at the time of writing).

Sounds good. FWIW: I think the relevant bug here is: https://bugzilla.mozilla.org/show_bug.cgi?id=1555110 (which would disable the feature even if MOZ_NEW_CERT_STORAGE was set)

Note: See TracTickets for help on using tickets.