Opened 16 months ago

Closed 13 months ago

Last modified 13 months ago

#31019 closed task (fixed)

Investigate update on Windows via BITS

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff68-esr, tbb-update, tbb-proxy-bypass
Cc: mcs, brade Actual Points: 0.1
Parent ID: Points:
Reviewer: Sponsor: Sponsor44-can


It seems there is coming a new update method for Windows users with Firefox 68 ESR which is called BITS (Background Intelligent Transfer Service), which is a Windows component.[1] The marketing promise is that "This change will allow Firefox to continue downloading an update
after Firefox has been closed." [2] which seems to be dangerous in the Tor Browser context.

There is a pref we can flip, though to use the older internal updater [3]. However, we should make sure the potential proxy bypass I am seeing here is actually mitigated by that.


Child Tickets

Change History (6)

comment:1 Changed 16 months ago by cypherpunks

Background Update Agent updates system-wide installation of Tor Browser without user intervention, downloading update through system Tor proxy via BITS... very far future...

comment:2 Changed 16 months ago by mcs

We will need to confirm, but it looks like the code that interacts with BITS can be omitted from the build by adding --disable-bits-download to our .mozconfig-mingw file.

comment:3 Changed 15 months ago by pili

Sponsor: Sponsor44-can

Adding Sponsor 44 to ESR68 tickets

comment:4 Changed 13 months ago by gk

mcs/brade are we good here?

comment:5 in reply to:  4 Changed 13 months ago by mcs

Resolution: fixed
Status: newclosed

Replying to gk:

mcs/brade are we good here?


comment:6 Changed 13 months ago by mcs

Actual Points: 0.1

I added "Actual Points" (minimal because most of the work for this was done as part of #30429).

Note: See TracTickets for help on using tickets.