#27268: preferences cleanup --------------------------------------------+-------------------------- Reporter: rzb | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: ff60-esr, TorBrowserTeam201809 | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: --------------------------------------------+--------------------------
Comment (by Thorin): Here's an updated list for cleaning up for ESR68, including some missing bugzillas etc. I may have missed a couple of things, but this is a start. There are maybe some more RFP redundant items from my ghacks user.js section 4600 [1] https://github.com/ghacksuserjs/ghacks- user.js/blob/master/user.js#L1489 [2] https://github.com/ghacksuserjs/ghacks-user.js/issues/123 [my deprecated items and sources list] **Housekeeping** - close #28370 as a duplicate of this ticket (it's in the list below) - close #32028 as a duplicate of this ticket (everything there is in this list) - this ticket: change keyword to `ff68-esr` etc **Urgent?** - FF28: `intl.charset.default` - https://bugzilla.mozilla.org/910192 * you **need** to fix this **asap** in #20025 with `intl.charset.fallback.override` - FF46: `browser.pocket.api`, `browser.pocket.enabled`, `browser.pocket.site` - https://bugzilla.mozilla.org/1215694 * **if needed**, replace with `extensions.pocket*` which are currently not covered **Deprecated** - FF24: `plugin.expose_full_path` - https://bugzilla.mozilla.org/883671 - FF31: `dom.network.enabled` - https://bugzilla.mozilla.org/960426 * replaced by ''dom.netinfo.enabled'' which is already covered - FF43: `media.audio_data.enabled` - https://bugzilla.mozilla.org/1206091 - FF45: `devtools.appmanager.enabled` - https://bugzilla.mozilla.org/1216590 - FF46: `datareporting.healthreport.service.enabled` - https://bugzilla.mozilla.org/1234526 - FF47: `datareporting.healthreport.about.reportUrlUnified` - https://bugzilla.mozilla.org/1236580 - FF50: `browser.safebrowsing.enabled` - https://bugzilla.mozilla.org/1025965 * the two main switches are already covered: ''browser.safebrowsing.malware.enabled'', ''browser.safebrowsing.phishing.enabled'' - FF52: `media.gmp-eme-adobe.visible` - https://bugzilla.mozilla.org/buglist.cgi?bug_id=1329538,1337121 - FF52: `media.gmp-eme-adobe.enable` - https://bugzilla.mozilla.org/buglist.cgi?bug_id=1329538,1337121 - FF53: `security.tls.unrestricted_rc4_fallback` - https://bugzilla.mozilla.org/1130670 - FF54: `media.eme.apiVisible` - https://bugzilla.mozilla.org/1242321 - FF55: `dom.enable_user_timing` - https://bugzilla.mozilla.org/1344669 - FF59: `datareporting.healthreport.about.reportUrl` - https://bugzilla.mozilla.org/1352497 - FF60: `extensions.hotfix.id` - https://bugzilla.mozilla.org/1356331 - FF60: `browser.newtabpage.preload` - https://bugzilla.mozilla.org/show_bug.cgi?id=1355166 - FF61: `network.jar.block-remote-files` - https://bugzilla.mozilla.org/1427726 - FF63: `browser.search.countryCode` - https://bugzilla.mozilla.org/1462015 - FF67: `dom.event.highrestimestamp.enabled` - https://bugzilla.mozilla.org/1485264 **Not in DXR** - FF54?: `browser.download.manager.scanWhenDone` - https://bugzilla.mozilla.org/851471 (best I can find) * https://hg.mozilla.org/mozilla-central/rev/baf05f61bc14 - FF55?: `browser.download.manager.retention` * https://hg.mozilla.org/mozilla- central/rev/ccfe5420876a232a834afe88597228d832afb089 **RFP Redundant** - **NOTE**: RFP overrides these and **FFS** no-one should disable RFP - `dom.maxHardwareConcurrency` - https://bugzilla.mozilla.org/1360039 * or at least set as value `2` to match RFP - `ui.use_standins_for_native_colors` - https://bugzilla.mozilla.org/1485266 - `browser.zoom.siteSpecific` - https://bugzilla.mozilla.org/1369357 - `dom.enable_resource_timing` & `dom.enable_performance` * check with tom, 100% sure this is covered by tom's RFP reduceTimerPrecision prefs * not sure if RFP ''overrides'' these: i.e disabling the API vs rounding it: for all I know you might be causing perf issues: ask tom :) - `privacy.use_utc_timezone` - https://bugzilla.mozilla.org/1330890 * is this an old Tor Browser only pref? is there old code to rip out? * RFP already spoofs as UTC **RFP Redundant Part 2** - **NOTE**: RFP overrides these, some are deprecated AFAICT (e.g vendor), current values are out of sync with ESR68, and maintaining it is extra work - `general.appname.override` - `general.appversion.override` - `general.oscpu.override` - `general.platform.override` - `general.productSub.override` - `general.buildID.override` - `general.useragent.vendor` - `general.useragent.vendorSub` **RFP Redundant Part 3**: probably changes fingerprint, maybe entropy - **NOTE**: we need to make a decision/double-check here on these - `dom.netinfo.enabled` - https://bugzilla.mozilla.org/1372072 * this pref disables the API: you get an error or "undefined" * the pref is only default true on mobile: RFP returns "unknown" * so removing the pref would create two buckets: mobile vs desktop - `media.webspeech.synth.enabled` - https://bugzilla.mozilla.org/1333641 * same thing: disabling vs spoofing * needs double checking: but the new FP is universal AFAIK - `media.video_stats.enabled` - https://bugzilla.mozilla.org/1369309 * same thing: disabling vs spoof * needs double checking: some RFP values are the same, some are bucketized so **may** create more entropy: check with tom - `dom.gamepad.enabled` - https://bugzilla.mozilla.org/1337161 * RFP hides gamepad from content * not sure if the FP changes and is universal - `device.sensors.enabled` - https://bugzilla.mozilla.org/1369319 * RFP already disables the device censor * not sure if the FP changes but it should be universal - `privacy.suppressModifierKeyEvents`- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1222285,1433592,1438795 * is this an old Tor Browser only pref? * RFP already spoofs keyboard events and suppress keyboard modifier events (SHIFT and both ALT keys) **Not sure** - `browser.startup.homepage_override.buildID` * RFP spoofs the navigator.buildID as `201810010000001`, productSub and UA still use `20100101` * https://bugzilla.mozilla.org/583181 * so not sure what value you want here, I only included it because it's bundled with all the other general.override prefs. I think it should be at the top with the other startup prefs -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27268#comment:17> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs