[tbb-bugs] #27466 [Applications/Tor Browser]: Investigate single-locale language repacks for Tor Browser on desktop

Fri Feb 8 17:58:59 UTC 2019

#27466: Investigate single-locale language repacks for Tor Browser on desktop
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:  new
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  GeorgKoppen201902,                   |  Actual Points:
  TorBrowserTeam201902, AffectsTails             |
Parent ID:  #28196                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by intrigeri):

 I've taken a look again after trying to find a good solution for Tails
 if/when Tor Browser drops the langpacks entirely ''and'' does not start
 providing a multilingual tarball. I think there's a workaround that should
 hopefully work for Tails but it's ugly (basically: download the langpacks
 from Mozilla ourselves, patch them ourselves to apply Tor Browser's search
 plugins and bookmarks customization, and turn
 `extensions.langpacks.signatures.required` off ourselves; i.e. essentially
 do on our side what `projects/firefox-langpacks/config` and `projects/tor-
 browser/build` currently do when building Tor Browser); for somewhat silly
 reasons you're probably not particularly interested in, it also requires
 repetitive busywork for us. Let's say that's… not my idea of "fun".

 So I've taken a look at the related bugs (#26465, #18915, #21879, #11236)
 and some of the linked Mozilla bugs to try to understand what's the big
 deal here. My understanding is that we want to do this because:

 * It would be nice to make the tarball and upgrade deltas other than en-US
 smaller, because they would not include en-US strings anymore. Each
 langpack is currently 500-600KB large and each localized tarball is 72MB
 large, so the single-locale repacking technique could potentially save up
 to 0.8% on the size of a tarball. I suspect there are lower-hanging
 fruits, with a better cost/benefit, if we want to shrink the bundles (but
 I would be happy to stand corrected if you tell me that all those have
 been fixed already so that <1% optimizations are now a sensible goal :).
 * Mozilla does not support overriding bookmarks and search plugins in any
 suitable way.
  * So we currently have to patch every langpack.
  * It follows that we need to turn
 `extensions.langpacks.signatures.required` off.
  * But that's not nice and we would prefer to enable
 `extensions.langpacks.signatures.required`.
  * So the only way to fix that is to get rid of the langpacks entirely,
 with this single-locale repack technique.
 * Ship something closer to what Mozilla is shipping (I'm assuming they're
 applying this technique to their own localized Firefox desktop
 downloadable products). Note that this is only relevant for Windows and
 macOS: AFAIK most Linux users get Firefox from their distros and I doubt
 distro packages use this technique; at least on Debian, one gets an en-US
 Firefox and installs the langpack via the `firefox-l10n-$LOCALE` package.
 So I'm quite confident that Mozilla will keep supporting "en-US +
 langpack" for the foreseeable future.
 * Any other reason?

 Zooming into the reason that seems the most valid to me, I guess we want
 to enable `extensions.langpacks.signatures.required` because:

 * Firefox may simply stop supporting this pref some day and then we might
 have to deal with this with only a few months notice.
 * For defense in depth reasons: if the Firefox add-on updating code is
 buggy or AMO is compromised, and our code that disables updating most add-
 ons is buggy, then presumably an attacker could force an update to a
 langpack they control, and then all kinds of undesirable things can
 happen.

 If this analysis of our motivations is about right, then I would argue
 that sure, it would be very nice to have, but perhaps not urgent to the
 point of rushing this just a few weeks before 8.5. If it's an option to
 relax the timeline a bit, then we can perhaps do some of:

 * Revisit some of the other options you've mentioned in
 https://trac.torproject.org/projects/tor/ticket/18915#comment:3 for search
 plugins.
 * Check if Mozilla would be open to adding a pref that disables looking in
 langpacks for bookmarks and search engines. Then we don't need to patch
 them, we can enable `extensions.langpacks.signatures.required`, and the
 main reason to do what this ticket is about is gone.
 * Block this on having one-bundle-including-all-locale for desktop first.

 Now, if there's a cheap, possibly dirty but good enough workaround that
 Tails can apply in time for 8.5, I'll happily let you handle this in this
 timeframe and I'll shut up :)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27466#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online