wiki:doc/crashreporter

About

This page is created for project "Crash Reporter for Tor Browser" (GSoC 2017).

Crash Reporter will be helping developers to improve Tor Browser, find bugs and crash reasons easier, that would make Tor Browser more stable and user-friendly.

Mozilla Firefox has the crash reporter based on Google BreakPad with server side - Mozilla Socorro. The work is focused at adapting Firefox Crash Reporter for Tor Browser (Linux version). And also adapting Socorro for changed Crash Reporter and run it as “.onion” service.

Full project proposal can be found at blog or in PDF file. Project source code is available on GitHub.

Analysis of the Privacy Implications of Crash Report Data

In this project, Crash Reporter client is a linux-based applications and libraries (including Google Breakpad) that collects and sends crash data to Crash Reporter Server side. Crash Reporter Client collects various data, such as OS name and version, hardware info, browser version, browser install time, stack traces and etc. Most of data fields we can consider as privacy-sensitive or non privacy-sensitive, but there are fields and their combinations we can't be sure about.

Data fields in crash report

Data field Description Is privacy-sensitive Comment
Accessibility
AbortMessage
AdapterDeviceID
AdapterDriverVersion
AdapterSubsysID
AdapterVendorID
Add-ons List of installed extensions ? It's all about whether the user has atypical extensions to identify him (think about the option to send only yes/no for difference from the default state)
AddonsShouldHaveBlockedE10s no
AppInitDLLs
AvailablePageFile
AvailablePhysicalMemory
AvailableVirtualMemory
BIOS_Manufacturer
BreakpadReserveAddress
BreakpadReserveSize
BuildID The unique build identifier of this version, which is a timestamp of the form YYYYMMDDHHMMSS no
CoGetInterfaceAndReleaseStreamFailure
CoMarshalInterfaceFailure
ContentSandboxCapabilities no
ContentSandboxCapable
ContentSandboxLevel
CPUMicrocodeVersion
CrashAddressLikelyWrong
CrashTime ? Can it be combined with URL?
CycleCollector
DOMIPCEnabled no
E10SCohort no (remove it)
EMCheckCompatibility no
EventLoopNestingLevel no
FlashVersion
FramePoisonBase no
FramePoisonSize no
GPUProcessLaunchCount
GPUProcessStatus
GraphicsStartupTest
Hang
IAccessibleConfig
InstallTime time when this version was installed yes user could be identified by install time
InterfaceRegistrationInfoParent
InterfaceRegistrationInfoChild
ipc_channel_error
IpcCreateTransportDupErrno
IPCFatalErrorMsg
IPCFatalErrorProtocol
IPCMessageName
IPCShutdownState
IPCSystemError
IPCTransportFailureReason
IsGarbageCollecting
JavaStackTrace
JSLargeAllocationFailure
JSOutOfMemory
mCrashCriticalKey
MozCrashReason
modules (list) all the system libraries loaded at the time of the crash no (all injected libs make you more fingerprintable)
Notes Special field for addition info (suJSOutOfMemorych as OpenGL version) ? (are you going to send hardware info?)
NumberOfPendingIPC
OOMAllocationSize
ProductID no
ProductName no
ProtocolName
Release Channel the update channel that the user is on ?
RemoteType
SafeMode Was browser started in safemode or not no
SecondsSinceLastCrash
SheetLoadFailure
ShutdownProgress
StackTraces no
StartupCrash Is startup crash or not no
StartupTime Browser start time no
SystemMemoryUsePercentage
TelemetrySessionId
TextureUsage
Theme no
Throttleable
TlsAllocations
TopPendingIPCCount
TopPendingIPCName
TopPendingIPCType
TotalPageFile
TotalPhysicalMemory
TotalVirtualMemory
UptimeTS length of time the process was running before it crashed. no
URL The URL of site that the user was on yes
useragent_locale the locale of software installation ? Could be used to find out country which user lives in
Vendor no
Version browser version no
Winsock_LSP

There are the addition data in TelemetryEnvironment param

Test crash report that was sent by tor-browser-52.1.2esr-7.0-1 - fa7fb436-091d-4178-9b1d-f1c5e1170719

TODO things, ideas

  • Add feature to resend crash report if first attempt is fail;
  • Add checkbox "Include my Add-ons list" to crashreporter client UI
  • Generally, we should treat all information that differs from the standard fingerprint as private. And this also means that everything included in the standard fingerprint is the same for any instance, so it's useless to send that information.
  • But such restrictions make even Tor Browser version a private thing, which greatly reduce the usefulness of anonymized reports.
  • So, there might be some slider with options: anonymous, private, full (report). Because with your current table of items, only those, who don't care, will start to send crash reports.

(1) https://torcrashreporter.wordpress.com/2017/04/03/google-summer-of-code-proposal-crash-reporter-for-tor-browser/

(2) https://torcrashreporter.files.wordpress.com/2017/05/final_proposal.pdf

(3) https://github.com/nmago/tor-browser

(4) https://nmago.github.io/te.html

(6) https://crash-stats.mozilla.com/report/index/fa7fb436-091d-4178-9b1d-f1c5e1170719

Last modified 8 weeks ago Last modified on Aug 2, 2017, 3:05:02 PM