Opened 7 years ago

Closed 7 years ago

#4795 closed defect (fixed)

TBB does not like the standard theme on Windows XP, Vista, and 7

Reported by: runa Owned by: mikeperry
Priority: Medium Milestone:
Component: Firefox Patch Issues Version:
Severity: Keywords: MikePerry201206
Cc: StrangeCharm, Shondoit, erinn Actual Points: 3
Parent ID: Points: 3
Reviewer: Sponsor:

Description

The latest TBB does not like the standard theme on Windows XP, Vista, and 7. The minimize, maximize, and close buttons in the top right corner are not visible. And the box displaying certificate information is transparent and not solid. See the attached screenshot.

A temporary fix is to change to the classic Windows theme.

Child Tickets

Attachments (10)

tor-browser-2.2.35-3_en-US-Areo-Windows-7.png (87.1 KB) - added by runa 7 years ago.
2012-02-04-ticket-4795-tbb-02235-5.png (229.2 KB) - added by phobos 7 years ago.
1._TBBv2.2.35-8_bookmarks_boxes.jpg (39.5 KB) - added by cypherpunks 7 years ago.
2._TBBv2.2.35-8_SSL-cert-info.jpg (37.3 KB) - added by cypherpunks 7 years ago.
3._TBBv2.2.35-9_buttons_bookmark_no-Aero-theme_best-performace-setting.jpg (28.5 KB) - added by cypherpunks 7 years ago.
4._TBBv2.2.35-9_SSL_cert_info_no-Aero-theme_best-performace-setting.jpg (28.1 KB) - added by cypherpunks 7 years ago.
disable_Add-on-bar.jpg (33.4 KB) - added by cypherpunks 7 years ago.
test-moz-media-queries.html (1.7 KB) - added by Shondoit 7 years ago.
Test page to view the available Media Features. Green is enabled, which is bad in our case.
tor_tor.png (117.3 KB) - added by catalinus 7 years ago.
Screen capture for Tor Browser
tor_ff.png (156.2 KB) - added by catalinus 7 years ago.
Screen capture for FF in identical conditions

Download all attachments as: .zip

Change History (69)

comment:1 Changed 7 years ago by runa

It seems the classic theme fixes the issue with the three buttons in the top right corner, but the certificate info box is still transparent.

comment:2 Changed 7 years ago by rransom

Cc: StrangeCharm added
Component: Tor bundles/installationTor Browser
Owner: changed from erinn to mikeperry

This sounds like a pair of unrelated upstream Firefox bugs.

comment:3 Changed 7 years ago by Shondoit

Cc: Shondoit added

comment:4 Changed 7 years ago by runa

Adding comment from phobos; "Five people have called today to report the new 0.2.2.35-4 TBB in Win7 doesn't have the normal window management buttons (min, max, close) displaying. The buttons do work, if you click in the right spot, but the display is a big black bar. So far, this is happening on Win7 32bit and 64bit."

comment:5 Changed 7 years ago by Shondoit

Cc: erinn added
Status: newneeds_review

Missing mozconfig seemed to be the problem. We've always used the default, and they may have screwed up the default.

Branch bug4795 in my Github fixed the problem for me.
Erinn: Perhaps you can try a build?
https://github.com/Shondoit/torbrowser/tree/bug4795

If needed, you can play with some of the flags.
I know the official mozconfig with only the *-official flags disabled works as well.

comment:6 Changed 7 years ago by Shondoit

Did a full redownload of all the sources and a full build and it seems to be fixed.
Perhaps a bad Firefox source dist?

comment:7 Changed 7 years ago by mikeperry

Owner: changed from mikeperry to erinn
Status: needs_reviewassigned

comment:8 Changed 7 years ago by mikeperry

Status: assignedneeds_review

Silly trac.

comment:9 Changed 7 years ago by Shondoit

Right, so it turned out that the already existing mozconfig was only copied when patching mozilla-build. Instead it should be copied before each build.
Erinn fixed this with her last commit.
Firefox 10 should be released January 31st and it should be fixed with TBB's new release.

comment:10 Changed 7 years ago by erinn

Resolution: fixed
Status: needs_reviewclosed

Fixed. Closing.

comment:11 Changed 7 years ago by Shondoit

Resolution: fixed
Status: closedreopened

Reopening, cause unfortunately it did not seem to be fixed with 2.2.35-5 (Firefox 10)

comment:12 Changed 7 years ago by phobos

It works for me on Win 7 pro.

comment:13 in reply to:  12 Changed 7 years ago by Shondoit

Replying to phobos:

It works for me on Win 7 pro.

Here is how it seem to work with different settings:

  • (Full) Aero: The window buttons show up black and the in-frame pop-ups (e.g. certificate info) are transparent
  • Aero Basic: The buttons show up fine, however, the pop-ups are still transparent
  • Classic: Same as Aero Basic

So if you want to check if it's fixed, the best thing to do is check the certificate by clicking the lock in the address bar. (You can look at Runa's attachment to see how it looks)

I checked the release notes to make sure I was using 2.2.35-5 and I was.

comment:14 Changed 7 years ago by phobos

Here's what I see, attached.

Changed 7 years ago by phobos

comment:15 Changed 7 years ago by phobos

it looks the same in aero full, aero basic, and classic.

comment:16 in reply to:  15 ; Changed 7 years ago by rransom

Replying to phobos:

it looks the same in aero full, aero basic, and classic.

If you're running Windows 7 in a VM, you're not really using Aero because Windows 7 doesn't have Direct3D drivers for your VM's virtual graphics card.

comment:17 in reply to:  16 Changed 7 years ago by Shondoit

Replying to phobos:

Here's what I see, attached.

Mhm, that only confirms it. Your cert pop-up is transparent.
And what you're seeing right now is Aero Basic. If you had full Aero the window borders (and taskbar) would be translucent.

Replying to rransom:

Replying to phobos:

it looks the same in aero full, aero basic, and classic.

If you're running Windows 7 in a VM, you're not really using Aero because Windows 7 doesn't have Direct3D drivers for your VM's virtual graphics card.

Partially true. It's the responsibility of the VM software manufacturer to supply proper drivers.
If the driver is WDDM 1.0 compliant, then Windows can use Direct3D for rendering.
VirtualBox has experimental support and I believe VMware has full WDDM support.

If you want to check if the bug is fixed, check for a transparent cert pop-up. It's the only sure-fire way.

Erinn: can you check if the mozconfig was in the source folder this time?

comment:18 Changed 7 years ago by erinn

Yep, it's definitely there. Are there build options that definitely fix it?

comment:19 in reply to:  18 Changed 7 years ago by Shondoit

Replying to erinn:

Yep, it's definitely there. Are there build options that definitely fix it?

I wouldn't say 'definitely fix it', but the default works just fine for me.
I do make -f windows.mk clean fetch-firefox unpack-firefox build-firefox copy-firefox bundle to make sure everything is clean and fresh.

comment:20 Changed 7 years ago by mikeperry

Component: Tor BrowserTor bundles/installation

comment:21 Changed 7 years ago by nefanon

Here's a temp fix I used: Change the \FirefoxPortable\App\Firefox\tbb-firefox.exe properties to use "Windows XP SP3" for compatibility. It at least shows the minimize/maximize/close buttons.

comment:22 in reply to:  21 Changed 7 years ago by Merc

The problem is back since Tor Browser Bundle 2.2.35-9

With 2.2.35-8 it still works at Win 7 / 32bit.

https://trac.torproject.org/projects/tor/ticket/5688

comment:23 Changed 7 years ago by cypherpunks

And lets not forget about the bookmark box transparency! Really, this makes me worry that TBB is not fully tested each new release...and I've been using Tor since about '02 or '03...and TBB since I first came up with the idea and Steven and I chatted on IRC, before Steven took over and made TBB.

Here's my version (rant) for bug tracker, of these issues: https://trac.torproject.org/projects/tor/ticket/5736

comment:24 Changed 7 years ago by cypherpunks

Just for the sake of ease, here's the body of my bug report:

"(once again) Black buttons, transparent bookmark functions...TBB v2.2.35-9"

(extracted from the Tor Blog here: https://blog.torproject.org/blog/new-tor-browser-bundles-16 )

If you try to bookmark a page...well, good luck with all the transparency issues (see screenshot URLs below).

What confounds me is these *exact* issue arose in previous TBB versions, and then were (recently) fixed (at least for some versions of Windows)...but...now they're back; arrrg!

Attn. Erin, Mike, et al.:

How do you all *not* realize there are such noticeable and annoying bugs? With this version the minimize, maximize, and close buttons for TBB are black, and bookmark function isn't visually correct (nor particularly usable). Do you not test each new version of TBB? (that's an honest question I hope someone will answer)

SCREENSHOTS:

TBB black buttons: minimize, maximize, and close

http://i.imgur.com/WsG0O.jpg

Check.torproject web site

http://i.imgur.com/HiZz7.jpg

Check.torproject web site; bookmark1

http://i.imgur.com/2yTZW.jpg

Check.torproject web site; bookmark2
http://i.imgur.com/0iwEb.jpg

comment:25 in reply to:  24 ; Changed 7 years ago by Shondoit

Replying to cypherpunks:

What confounds me is these *exact* issue arose in previous TBB versions, and then were (recently) fixed (at least for some versions of Windows)...but...now they're back; arrrg!

I do not remember it ever being fixed, but I have not used every version since tor-browser-2.2.35-3
Can you be more specific as to what versions worked correctly and on what versions of Windows, if you remember?
Perhaps it could help us narrow it down.

comment:26 Changed 7 years ago by Sebastian

the problem is that nobody knows why it was fixed in some of the intermediate versions. The issue behind this all is still unknown afaik

comment:27 in reply to:  25 Changed 7 years ago by cypherpunks

Hello Shondoit,

Replying to Shondoit:

Replying to cypherpunks:

What confounds me is these *exact* issue arose in previous TBB versions, and then were (recently) fixed (at least for some versions of Windows)...but...now they're back; arrrg!

I do not remember it ever being fixed, but I have not used every version since tor-browser-2.2.35-3
Can you be more specific as to what versions worked correctly and on what versions of Windows, if you remember?
Perhaps it could help us narrow it down.

It was the last release, with Firefox 11, TBB v2.2.35-8 (https://blog.torproject.org/blog/new-tor-browser-bundles-updated-linux-again). See the attached screenshots:

  1. Screenshot of visible minimize, maximize, and close, as well as bookmark
  2. Screenshot of visible SSL cert info

Changed 7 years ago by cypherpunks

Changed 7 years ago by cypherpunks

comment:28 Changed 7 years ago by cypherpunks

@ Shondoit,

Also, please notice in the two screenshots above, that Aero is working with TBB v2.2.35-8 on Windows 7 64 bit.

comment:29 Changed 7 years ago by cypherpunks

@ All,

For Windows, the best screenshot program, IMO, is LigthScreen [1]. It's free, and GNU GPL :)

I love Ligthscreen because it can take screenshots of things like a cursor and the bookmark tab in my above screenshots. Many (most?) Windows screenshot software do not offer these important features, not to mention they are already GNU GPL.

[1] http://lightscreen.sourceforge.net/

comment:30 in reply to:  16 Changed 7 years ago by cypherpunks

Hi Phobos,

Replying to rransom:

Replying to phobos:

it looks the same in aero full, aero basic, and classic.

If you're running Windows 7 in a VM, you're not really using Aero because Windows 7 doesn't have Direct3D drivers for your VM's virtual graphics card.

Please see the attached screenshots using the current TBB (v2.2.35-9) on installed Windows 7 64 bit, classic (no Areo), with "best performance" setting under 'Control Panel':

  1. Screenshot of visible minimize, maximize, and close, but non-viable bookmark
  2. Screenshot of non-visible SSL cert info

comment:31 in reply to:  21 Changed 7 years ago by cypherpunks

Replying to nefanon:

Here's a temp fix I used: Change the \FirefoxPortable\App\Firefox\tbb-firefox.exe properties to use "Windows XP SP3" for compatibility. It at least shows the minimize/maximize/close buttons.

= "Vidalia was unable to start the configured web browser" for TBB v.2.2.35-9 on (installed) Windows 7 64 bit. However, when tbb-firefox.exe is allowed to run as Administrator, the bookmark and SSL cert info pop-ups are still not visually correct, even though the minimize, maximize, and close buttons are visible.

comment:32 Changed 7 years ago by erinn

I'm pretty sure this is an upstream bug. I think I was originally able to find a better example on Mozilla's bugzilla, but here are a few of similar reports I was able to find just now:

https://bugzilla.mozilla.org/show_bug.cgi?id=693916
https://bugzilla.mozilla.org/show_bug.cgi?id=597185
https://bugzilla.mozilla.org/show_bug.cgi?id=693916

I don't know for sure whose problem it is (it could certainly be ours), but we aren't doing anything significantly different between our builds to trigger the problems, I don't think.

comment:33 Changed 7 years ago by arma

Priority: normalmajor

People on the blog sure do talk about this one a lot; so bumping up its priority.

comment:34 Changed 7 years ago by arma

https://blog.torproject.org/blog/new-tor-browser-bundles-17#comment-15592 says
"The minimize, maximize buttons can be restored by disabling the Firefox "App Button" by right-clicking on one of the bars at the top of the browser. Doesn't solve the problem entirely, but good enough."

comment:35 Changed 7 years ago by Shondoit

Owner: changed from erinn to mikeperry
Status: reopenedassigned

This bug was introduced in 2.2.35-2.
There was one patch that got added in that version, namely 0010-Provide-client-values-only-to-CSS-Media-Queries.patch. (created as 0012-* at the time.)
This patch comments out a huge block inside nsMediaFeatures.cpp. If this block is re-activated, then FF's chrome is correct again.

I'll leave it up to Mike to review the existing patch, since it might introduce de-anonymizing issues to just re-enable that block.

comment:36 Changed 7 years ago by mikeperry

Component: Tor bundles/installationFirefox Patch Issues

comment:37 Changed 7 years ago by mikeperry

Priority: majornormal

Since this isn't a direct or indirect violation of our privacy and security requirements, I think it's not 'major' for us. This means we'll need help if we ever want to get this fixed.

I think one could actually call the lack of maximize button a feature due to the fingerprinting issues when doing that, though I agree lack of minimize and close is annoying.

Questions that will help solve this faster if answered:

  1. Which parts of the CSS patch actually make a difference?
  1. Why does the browser chrome give a shit about media features that are supposed to be for HTML content?
  1. Is the patch responsible even for the menu transparency issues too, or just the titlebar buttons?

comment:38 in reply to:  37 Changed 7 years ago by cypherpunks

Priority: normalminor

Replying to mikeperry:

Since this isn't a direct or indirect violation of our privacy and security requirements, I think it's not 'major' for us. This means we'll need help if we ever want to get this fixed.

I think one could actually call the lack of maximize button a feature due to the fingerprinting issues when doing that, though I agree lack of minimize and close is annoying.

Questions that will help solve this faster if answered:

  1. Which parts of the CSS patch actually make a difference?
  1. Why does the browser chrome give a shit about media features that are supposed to be for HTML content?
  1. Is the patch responsible even for the menu transparency issues too, or just the titlebar buttons?

I'm changing it back to major, just to make a point (I agree with arma). You seem to poo-poo this issue, and even try to make a point that it shouldn't be fixed(!), but it's a MAJOR issue to people that use TBB, even if it's not a big deal to you. And it's more than minimize, the bookmark features are mostly useless, as are the SSL window and the add-on window, e.g., if I wanted to check the cert info, or if I wanted to add BetterPrivacy to Windows TBB.

This issue scares a lot of TBB users, and rightly so, it's quite egregious and noticeable. What do you expect non-computer savvy people to think? I for one wouldn't use TBB in it's current state if I didn't know what's going on with this issue...

I will donate money to get this fixed, and keep it a major issue,if that would help hire a Windows dev (if s/he is needed), even if for just this single issue. I'm not sure how much it would cost, but I could send in ~>$500 next week, if that would help; even though that's not a lot of money, it is to me, I'm not rich, but I fully understand how important it is to get this bug fixed. I think some at Tor don't focus enough on the useability of the software; that is, some Tor devs see the trees but not the forest...

comment:39 Changed 7 years ago by Sebastian

Priority: minormajor

I agree, this is important to get fixed. It's a crazy big usability bug, and - while probably not catastrophic for anonymity - a major confidence inhibitor in TBB. I'm changing the priority back to major, if you still disagree mike - especially wrt the ssl/bookmark settings - please change it back.

comment:40 in reply to:  39 Changed 7 years ago by cypherpunks

Replying to Sebastian:

I agree, this is important to get fixed. It's a crazy big usability bug, and - while probably not catastrophic for anonymity - a major confidence inhibitor in TBB. I'm changing the priority back to major, if you still disagree mike - especially wrt the ssl/bookmark settings - please change it back.

Hi Sebastian,

Thanks for changing it from minor to major. I meant to change it from normal to major, but I chose minor on accident.

comment:41 in reply to:  34 Changed 7 years ago by cypherpunks

Replying to arma:

https://blog.torproject.org/blog/new-tor-browser-bundles-17#comment-15592 says
"The minimize, maximize buttons can be restored by disabling the Firefox "App Button" by right-clicking on one of the bars at the top of the browser. Doesn't solve the problem entirely, but good enough."

I tried the above, but there isn't anything called "App Button", unless the OP means "Add-on bar"; see attached screenshot "" (using the current TBB). When I disable "Add-on bar", and restart, nothing beneficial occurs wrt minimize buttons, and etc.

Changed 7 years ago by cypherpunks

Attachment: disable_Add-on-bar.jpg added

comment:42 in reply to:  37 ; Changed 7 years ago by Shondoit

Replying to mikeperry:

Since this isn't a direct or indirect violation of our privacy and security requirements, I think it's not 'major' for us. This means we'll need help if we ever want to get this fixed.

arma changed this to major because of the high rate of mentions (see comment 33.) Also, because it's been a bug for months I suggest keeping this as major. My two cents.

I think one could actually call the lack of maximize button a feature due to the fingerprinting issues when doing that, though I agree lack of minimize and close is annoying.

The buttons are only invisible. It still works when clicking in the middle of the black bar.
As well as the other options to maximize (right click title bar + maximize, win7: drag against top, alt + space + x) this is hardly a 'feature'.

  1. Which parts of the CSS patch actually make a difference?

This is an interesting one. The patch comments out an entire block of Mozilla extensions, but this section contains things like '_moz_windows_default_theme', '_moz_windows_compositor' and '_moz_windows_theme'. I reckon a combination of these removed features is responsible for the black control box and the transparency issues. It will take some time to figure out which ones.
Check out nsMediaFeatures.cpp, line 459 and down. I'm not sure removing this block of features was the best course of action. I recommend rereading the source and revising this choice if needed.

  1. Why does the browser chrome give a shit about media features that are supposed to be for HTML content?

Because this is not only for HTML content but rather for chrome in general? Because Firefox supports theming and uses these features for compositing?
I have no idea and this question is better asked in Mozilla channels.

  1. Is the patch responsible even for the menu transparency issues too, or just the titlebar buttons?

Yes, it's responsible for the menu transparency issues too.

comment:43 in reply to:  42 ; Changed 7 years ago by mikeperry

Status: assignedneeds_information

Replying to Shondoit:

Replying to mikeperry:

Since this isn't a direct or indirect violation of our privacy and security requirements, I think it's not 'major' for us. This means we'll need help if we ever want to get this fixed.

arma changed this to major because of the high rate of mentions (see comment 33.) Also, because it's been a bug for months I suggest keeping this as major. My two cents.

Fine. I'm just trying to find a rational way to define ticket priorities. I was questioned earlier when "seems important, probably should get done" was my previous metric.

  1. Which parts of the CSS patch actually make a difference?

This is an interesting one. The patch comments out an entire block of Mozilla extensions, but this section contains things like '_moz_windows_default_theme', '_moz_windows_compositor' and '_moz_windows_theme'. I reckon a combination of these removed features is responsible for the black control box and the transparency issues. It will take some time to figure out which ones.

Check out nsMediaFeatures.cpp, line 459 and down. I'm not sure removing this block of features was the best course of action. I recommend rereading the source and revising this choice if needed.


Yeah, word. It probably will require a few compiles on Windows to binary search it down to the exact rules that actually matter, or a few hours of wading through source. Though starting with uncommenting just the _moz_windows stuff and the blocks with min/maximize in it seems like a good guess to start.

If someone who can actually compile our beast on Windows can narrow it down, it might help me to more easily hazard a guess.

Setting this to "needs information" to reflect the fact that answers to these questions will help me fix it faster.

comment:44 in reply to:  43 ; Changed 7 years ago by Shondoit

Replying to mikeperry:

If someone who can actually compile our beast on Windows can narrow it down, it might help me to more easily hazard a guess.

The lack of _moz_windows_default_theme is the cause of the transparent popups.
The lack of _moz_windows_compositor is the cause of the non-translucent title bar and blacked out control box.
When these are uncommented everything looks fine and dandy. Not sure how this affects CSS fingerprinting.

comment:45 in reply to:  44 ; Changed 7 years ago by mikeperry

Replying to Shondoit:

Replying to mikeperry:

If someone who can actually compile our beast on Windows can narrow it down, it might help me to more easily hazard a guess.

The lack of _moz_windows_default_theme is the cause of the transparent popups.
The lack of _moz_windows_compositor is the cause of the non-translucent title bar and blacked out control box.
When these are uncommented everything looks fine and dandy. Not sure how this affects CSS fingerprinting.

Yeah, from my read of https://developer.mozilla.org/En/CSS/Media_queries it sounds like both of these are available to content window CSS, which would be an instant leak of at least OS if not also themeing info..

I wonder if it is the absence of these rules that is messing us up... I wonder what happens if you hack GetSystemMetric in layout/style/nsMediaFeatures.cpp to always pick one value for those atoms? Changing that function to always do aResult.SetIntValue(0) or 1, for example...

Otherwise, if a bloody hack doesn't work, we'll need to figure out how to prevent these things from getting exported to the content window while still allowing chrome to use them...

Incidentally, if you're able build all of TBB, we could use a full Windows build up on #5837 for comparison by other folks.

comment:46 Changed 7 years ago by mikeperry

Status: needs_informationnew

Alternate idea: We could hack the XUL CSS to remove use of these two media queries and make the browser do a reasonably sane thing instead.

You can find the CSS files by grepping the source tree for moz-windows-compositor and moz-windows-default-theme. Their use appears limited to CSS files in toolkit/themes/winstripe/ and its subdirs.

You should even be able to edit these CSS files in a pre-built TBB to play around with them until they stop being crazy.

Changed 7 years ago by Shondoit

Attachment: test-moz-media-queries.html added

Test page to view the available Media Features. Green is enabled, which is bad in our case.

comment:47 in reply to:  45 Changed 7 years ago by Shondoit

Replying to mikeperry:

I wonder if it is the absence of these rules that is messing us up... I wonder what happens if you hack GetSystemMetric in layout/style/nsMediaFeatures.cpp to always pick one value for those atoms? Changing that function to always do aResult.SetIntValue(0) or 1, for example...

I tried this by changing browser.css as if -moz-windows-compositor is true. This works for Windows Aero, but when a user is using Aero Basic or Windows Classic then everything breaks.
Basically, we need the theming logic to be intact if we don't want to break stuff.

Otherwise, if a bloody hack doesn't work, we'll need to figure out how to prevent these things from getting exported to the content window while still allowing chrome to use them...

This would be the preferred way. We need it available for chrome for the theming, yet don't want to expose it to any web pages. I don't think this is easy to do, but I'm not sure what else is possible.

I attached a test page that will show the availability of the Media queries in web pages. Basically, everything should be red, while still having proper theming for Aero, Basic and Classic.

Important note, the media queries are used for OSX theming as well. We need to pay attention as to not break stuff (or maybe fix stuff that hasn't been reported.)

comment:48 Changed 7 years ago by Shondoit

Status: newneeds_review

Patch is up for review. Branch bug4795 in my repo.

This removes the disabling of the CSS Media Queries and instead does a check in the handler to limit the use to window chrome only.

comment:49 Changed 7 years ago by mikeperry

Keywords: MikePerry201206 added
Status: needs_reviewneeds_revision

Shondoit: Thanks a ton for working on this. Quick question: It looks like you removed my patch entirely? We still need it so that non-mozilla extensions report the display size as the desktop size, and to prevent a whole lot of other unrelated leaky Mozilla extensions from being exposed to the content window.

I'll review this and/or any later revisions in more detail as soon as I can this month.

comment:50 in reply to:  49 ; Changed 7 years ago by Shondoit

Replying to mikeperry:

Quick question: It looks like you removed my patch entirely?

Yes, instead of redirecting the CSS queries to the display size I thought it'd be better to cut it off at the root directly (GetDeviceSize).
In that function it contains a check to see if the context is allowed to see the device values and if not returns the document values instead.

We still need it so that non-mozilla extensions report the display size as the desktop size, and to prevent a whole lot of other unrelated leaky Mozilla extensions from being exposed to the content window.

That's where I went wrong, sorry. I revised my branch to limit it to the root view only instead of chrome, and thus eliminating the exposure to extensions.

comment:51 Changed 7 years ago by cypherpunks

Well, hot damn! I just d/l'd the alpha version of the newest TBB release (v2.3.1-alhpa-2), and full Aero is working, as well as zero transparency (bookmark and cert info) issues. One Windows 7 x64 SP1 (laptop).

TorButton is v1.4.6, however, there is no TorBrowser branding for Firefox, so, I wonder, is this Firefox (in the current alpha TBB) patched up to date with the TorBrowser in the current beta? Ah, I see at least one difference, the alpha is running Firefox 11, the beta is running Firefox 12.

comment:52 Changed 7 years ago by cypherpunks

Me again, to me: beta = the non-unstable version of TBB (not sure I'd call it stable, yet ;) )

comment:53 Changed 7 years ago by Shondoit

Status: needs_revisionneeds_review

Rebased to the current maint-2.2.
Should apply cleanly to FF 10.0.5-ESR.

comment:54 in reply to:  50 Changed 7 years ago by mikeperry

Replying to Shondoit:

Replying to mikeperry:

We still need it so that non-mozilla extensions report the display size as the desktop size, and to prevent a whole lot of other unrelated leaky Mozilla extensions from being exposed to the content window.

That's where I went wrong, sorry. I revised my branch to limit it to the root view only instead of chrome, and thus eliminating the exposure to extensions.

Actually, you might not be wrong here. It may just be miscommunication. When I said "Mozilla extensions" I meant the Media Query extensions, not addons. Closer look at your patch seems to indicate that you did in fact cover all the fingerprinting-related ones directly.

As for IsRoot() vs IsChrome(), I think we *do* want addons to have access to the Mozilla extensions, so they don't suffer the same UI issues. I think that means we do want IsChrome() after all? If you agree, I can change it myself as I merge your patch.

comment:55 Changed 7 years ago by mikeperry

This is rebased for TBB-alpha in mikeperry/ff13-patches. The maint-2.2 version is in mikeperry/mike-bug4795-stable.

I tweaked the patch for the IsChrome thing and to allow device orientation detection, which I don't see as a fingerprinting risk. It also now lies about the pixel ratio always being 1.0 for the content window instead of ignoring the query.

comment:56 Changed 7 years ago by mikeperry

Actual Points: 3
Points: 3
Resolution: fixed
Status: needs_reviewclosed

mikeperry/mike-bug4795-stable was merged into origin/maint-2.2 and mikeperry/ff13-patches was merged into origin/maint-2.3 and origin/master.

comment:57 in reply to:  56 Changed 7 years ago by catalinus

Priority: majornormal
Resolution: fixed
Status: closedreopened

Replying to mikeperry:

mikeperry/mike-bug4795-stable was merged into origin/maint-2.2 and mikeperry/ff13-patches was merged into origin/maint-2.3 and origin/master.

Changed 7 years ago by catalinus

Attachment: tor_tor.png added

Screen capture for Tor Browser

Changed 7 years ago by catalinus

Attachment: tor_ff.png added

Screen capture for FF in identical conditions

comment:58 Changed 7 years ago by catalinus

Screen capture for Tor BrowserScreen capture for FF in identical conditions

comment:59 Changed 7 years ago by mikeperry

Resolution: fixed
Status: reopenedclosed

No TBB builds have been shipped yet since the branches were merged.

Note: See TracTickets for help on using tickets.