commit f4606d1c1c35eb36edf3c7cd6b2904be01f19f32
Author: Richard Pospesel <richard(a)torproject.org>
Date: Fri Jan 25 07:51:14 2019 +0000

Bug 12885: Windows Jump Lists fail for Tor Browser

Jumplist entries are stored in a binary file in:
%APPDATA%\\Microsoft\Windows\Recent\CustomDestinations\
and has a name in the form
[a-f0-9]+.customDestinations-ms
The hex at the front is unique per app, and is ultimately derived from
something called the 'App User Model ID' (AUMID) via some unknown
hashing method. The AUMID is provided as a key when programmatically
creating, updating, and deleting a jumplist. The default behaviour in
firefox is for the installer to define an AUMID for an app, and save it
in the registry so that the jumplist data can be removed by the
uninstaller.

However, the Tor Browser does not set this (or any other) regkey during
installation, so this codepath fails and the app's AUMID is left
undefined. As a result the app's AUMID ends up being defined by
windows, but unknowable by Tor Browser. This unknown AUMID is used to
create and modify the jumplist, but the delete API requires that we
provide the app's AUMID explicitly. Since we don't know what the AUMID
is (since the expected regkey where it is normally stored does not
exist) jumplist deletion will fail and we will leave behind a mostly
empty customDestinations-ms file. The name of the file is derived from
the binary path, so an enterprising person could reverse engineer how
that hex name is calculated, and generate the name for Tor Browser's
default Desktop installation path to determine whether a person had
used Tor Browser in the past.

The 'taskbar.grouping.useprofile' option that is enabled by this patch
works around this AUMID problem by having firefox.exe create its own
AUMID based on the profile path (rather than looking for a regkey). This
way, if a user goes in and enables and disables jumplist entries, the
backing store is properly deleted.

Unfortunately, all windows users currently have this file lurking in
the above mentioned directory and this patch will not remove it since it
was created with an unknown AUMID. However, another patch could be
written which goes to that directory and deletes any item containing the
'Tor Browser' string. See bug 28996.
---
browser/app/profile/000-tor-browser.js | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js
index 2b238dd87c1b..11027f4c9a3a 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -326,6 +326,18 @@ pref("browser.onboarding.newtour", "welcome,privacy,tor-network,circuit-display,
pref("browser.onboarding.updatetour", "welcome,privacy,tor-network,circuit-display,security,expect-differences,onion-services");
pref("browser.onboarding.skip-tour-button.hide", true);
+// prefs to disable jump-list entries in the taskbar on Windows (see bug #12885)
+#ifdef XP_WIN
+// this pref changes the app's set AUMID to be dependent on the profile path, rather than
+// attempting to read it from the registry; this is necessary so that the file generated
+// by the jumplist system can be properly deleted if it is disabled
+pref("taskbar.grouping.useprofile", true);
+pref("browser.taskbar.lists.enabled", false);
+pref("browser.taskbar.lists.frequent.enabled", false);
+pref("browser.taskbar.lists.tasks.enabled", false);
+pref("browser.taskbar.lists.recent.enabled", false);
+#endif
+
#ifdef TOR_BROWSER_VERSION
#expand pref("torbrowser.version", __TOR_BROWSER_VERSION__);
#endif
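Review bot: The comment above `pref("taskbar.grouping.useprofile", true);` explains why the AUMID is made profile-dependent, but it does not mention that customDestinations-ms files written by earlier versions under the Windows-assigned AUMID stay on disk, which the commit message says this patch will not remove. Since that leftover file is the artifact that reveals past use, I would add a line such as `// files created before this change are not cleaned up, see bug 28996` so the remaining gap is visible from the code and not only from the commit log. The comment could also state whether the three `browser.taskbar.lists.*.enabled` sub-prefs are required once `browser.taskbar.lists.enabled` is false, or are set as defence in depth.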