[tbb-dev] nsIUserInfo (browser developer candidate)
Richard Pospesel
pospeselr at gmail.com
Thu Jul 20 16:28:30 UTC 2017
If we return *something* rather than empty string are there any
localization concerns? I would assume we would want to return the same
thing regardless of locale, since other similar info is normalized to be
the same (like how timezone is standardized to UTC rather than exposing the
user's real timezone).
thanks,
-Richard
On Thu, Jul 20, 2017 at 1:00 AM, Georg Koppen <gk at torproject.org> wrote:
> Hi Richard!
>
> Richard Pospesel:
> > Hi tor devs!
> >
> > I've spent today getting ramped up on building/debugging tor-browser and
> > investigating a solution to issue #13398
> > <https://trac.torproject.org/projects/tor/ticket/13398> (NsUserInfo
> object
> > scrapes user's name, username, email, and domain).
> >
> > My first instinct was to just completely remove the offending code and
> > interface. It looks like some things have changed in this area since the
> > issue was filed, as this information is no longer cached on firefox
> > startup, but is still accessible via Add-Ons through the userinfo object
> (
> > https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/
> > Reference/Interface/nsIUserInfo ).
> >
> > So my question to you is in this case, do we prefer to completely excise
> > the nsIUserInfo interface from the codebase (and break any user Add-Ons
> > which use it) or do we prefer to replace all the per-system
> implementations
> > with a single 'mock' implementation which returns empty string (or
> errors)
> > for each property getter?
> >
> > Having read the design-doc (particularly the parts on finger printing) it
> > seems like ripping out the class entirely is a bad idea as it would
> > immediately identify the browser as a modern Tor Browser (given how old
> the
> > API is and that vanilla Firefox still has it) and potentially break
> Add-Ons
> > using it. However, simply returning empty-string for these properties
> > would also identify the browser as Tor Browser. I know for certain that
> on
> > windows the username (at least) will always return *something* so getting
> > empty string here would also point to Tor Browser.
> >
> > All that said, I suspect either of the above solutions are preferable to
> > leaking user identifying information.
>
> Indeed. Identifying the browser as Tor Browser is not such a big deal.
> It's probably not even possible to hide that fact. But we should avoid
> breaking extensions. Although we are strongly discouraging the
> installation of additional extensions, users should be free to override
> this decision and retain a functional browsing experience.
>
> Thus, returning an empty string (or the same non-empty values for every
> Tor Browser user) would be a good solution. Bonus points for binding
> that to a preference in case there are indeed extensions out there that
> rely on that kind of information being somewhat accurate. And having the
> preference govern this behavior should make it easier for us to upstream
> the patch to Mozilla (which is one of the important goals for writing
> all those patches in the first place).
>
> Georg
>
> > What do you think?
> >
> > best,
> > -Richard
> >
> >
> >
> > _______________________________________________
> > tbb-dev mailing list
> > tbb-dev at lists.torproject.org
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev
> >
>
>
>
> _______________________________________________
> tbb-dev mailing list
> tbb-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20170720/40560dab/attachment.html>
More information about the tbb-dev
mailing list