Feature review for ESR68

Go over release notes and review any new features introduced in ESR68

added GeorgKoppen201910 TorBrowserTeam201910 actualpoints::6 component::applications/tor browser owner::tbb-team points::3 priority::very high resolution::fixed severity::normal status::closed tbb-9.0-must-alpha type::defect labels

Trac:
Keywords: N/A deleted, tbb-9.0-must-alpha added
Priority: Medium to Very High

Trac:
Points: N/A to 3

Trac:
Keywords: N/A deleted, TorBrowserTeam201910 added

Trac:
Keywords: TorBrowserTeam201909 deleted, N/A added

Trac:
Keywords: N/A deleted, GeorgKoppen201910 added

Ok I looked through FF68's dev docs in detail. The only thing that struck me as remotely concerning was the potential ability to build high precision timers for performance fingerprinting out of the Close Caption https://developer.mozilla.org/en-US/docs/Web/API/TextTrack/cuechange_event.. I don't think we have gone down that rabbithole of trying to eliminate such timers, right? And it's not even clear that the accuracy of this timer would be very high in the first place, so it might not even be possible.

We have not addressed techniques that build timers out of web features like this one would be. We have only addressed things that have explicit timestamps (either absolute or relative.)

Fuzzyfox would address constructed timers, but while we have all the code for it, we haven't investigated/tested it.

Trac:
Parent: #31144 (moved) to N/A

Here come my notes for Firefox 61-67 (inclusive) dev-doc reviews:

The developer docs can be found at https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/XX (Where "XX" is the actual Firefox version to be investigated).

There was nothing concerning for Firefox 61 and 62.

For Firefox 63 we have the Media Capabilities API (https://bugzilla.mozilla.org/show_bug.cgi?id=1409664) which we addressed in #13543 (moved). I made a note on #16678 (moved) as changes might affect this bug and filed an investigated #31954 (moved). I skimmed https://bugzilla.mozilla.org/show_bug.cgi?id=1349799 and think the WebGL power preference in this bug is not a problem for us.

Nothing found for Firefox 64.

There are some items for Firefox 65: RelativeTimeFormat (https://bugzilla.mozilla.org/show_bug.cgi?id=1504334) which got investigated in #31985 (moved). Then we have the Streams API (#31997 (moved)), Storage Access API (#32002 (moved)) and new WebGL extensions (#32013 (moved))

Nothing found for Firefox 66.

New WebGL extension in Firefox 67. I opened #32057 (moved) and investigated the new feature.

All in all I think we are not in bad shape here.

Replying to mikeperry:

Ok I looked through FF68's dev docs in detail. The only thing that struck me as remotely concerning was the potential ability to build high precision timers for performance fingerprinting out of the Close Caption https://developer.mozilla.org/en-US/docs/Web/API/TextTrack/cuechange_event.. I don't think we have gone down that rabbithole of trying to eliminate such timers, right? And it's not even clear that the accuracy of this timer would be very high in the first place, so it might not even be possible.

Yeah, as Tom said we did no go down that rabbit hole yet. I think we have #16110 (moved) for the general area and now #32350 (moved) for your issue in particular.

Trac:
Status: new to closed
Actualpoints: N/A to 6
Resolution: N/A to fixed

Replying to gk:

Here come my notes for Firefox 61-67 (inclusive) dev-doc reviews:

The developer docs can be found at https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/XX (Where "XX" is the actual Firefox version to be investigated).

There was nothing concerning for Firefox 61 and 62.

For Firefox 63 we have the Media Capabilities API (https://bugzilla.mozilla.org/show_bug.cgi?id=1409664) which we addressed in #13543 (moved). I made a note on #16678 (moved) as changes might affect this bug and filed an investigated #31954 (moved). I skimmed https://bugzilla.mozilla.org/show_bug.cgi?id=1349799 and think the WebGL power preference in this bug is not a problem for us.

Nothing found for Firefox 64.

Technically speaking this is not correct. Interaction Media Features got implemented including pointer/hover (see: https://bugzilla.mozilla.org/show_bug.cgi?id=1035774 and https://bugzilla.mozilla.org/show_bug.cgi?id=1483111). However, thanks to Mozilla engineers fingerprinting issues have been taken into account right from the beginning. So, once resist fingerprinting mode is on a mouse-type pointer is given back. It seems to me this holds for mobile, too, which we might want to revisit (tjr mentioned it should be touchscreen values there (https://bugzilla.mozilla.org/show_bug.cgi?id=1035774#c25)).

Replying to mikeperry:

Ok I looked through FF68's dev docs in detail.

The Viewport API might be relavant here, too, even though it does not seem too critical. We have #30542 (moved) for that.

closed

changed time estimate to 24h

added 48h of time spent

moved to tpo/applications/tor-browser#31591 (closed)