#33003: Tor browser / Firefox telemetry data
--------------------------------------+-----------------------------------
 Reporter:  cypherpunks               |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_information
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  TorBrowserTeamTriaged     |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+-----------------------------------

Comment (by cypherpunks):

> Their existence is not a bug

Still that same existence is an open door to anti-privacy. Suppose a case when the user plays with `about:config` or other preferences and inadvertently enables an anti-privacy feature such as telemetry or anything else which exists in Firefox. If the URLs had been removed he would not be able to de-anonymize the browser. IOW not having those URLs can be seen as a precaution.

> if they are used in unexpected ways, then that may be a bug.

As I mentioned initially, my personal expectation from a privacy respecting browser is 0 (zero) background connections, i.e. ones not initiated by me explicitly or through a setting which I explicitly set up. This means: out of the box there should be no connections other than those related to typed URLs. I suppose HTTPS-E must be considered along these lines too as it has some mechanism for remote updates. All that should be an opt-in on first run.

> This happens occasionally, but are you reporting this is happening now?

I don't know how to tcpdump the connections which Tor Browser makes as I don't know how to tcpdump anything that passes through Tor. If you explain how to do this I can try.

> Can you provide steps for reproducing it?

I found this which seems related to all those background connections (in Firefox):

https://bugzilla.mozilla.org/show_bug.cgi?id=1432248

Note how Mozilla (that "privacy respecting" and "non-profit" organization) closed this as WONTFIX and linked it to another bug report which was also closed as WONTFIX. To date these automatic connections in Firefox persist and their documentation about how to disable them is still not complete.

Mozilla Firefox's privacy policy is an anti-privacy policy. Just read:

https://www.mozilla.org/en-US/privacy/firefox/

By default they *share* a lot. But private means not shared, i.e. the opposite.

In contrast ungoogled-chromium makes zero background connections out of the box (tested). Perhaps it is a better alternative for being a new basis for Tor Browser because it can already be configured to work through Tor proxy, so all it needs is some fine tuning about reducing the fingerprint. What do you say?

(I realize this is not a bug report but a wider discussion. Please advise where it is appropriate to talk about that if you think it is worthwhile.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33003#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online