[tor-bugs] #21200 [Applications/Tor Browser]: Move all TB Mozilla service calls to .onions
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 2 18:17:52 UTC 2017
#21200: Move all TB Mozilla service calls to .onions
--------------------------------------+--------------------------
Reporter: tom | Owner: tbb-team
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by tom):
This is a near-complete list, I think. It does _NOT_ include every place
that Tor Browser *links* to a website, but it hopefully contains every
automated behind the scenes call to Mozilla websites and it does include
some links also.
- Extension Blacklisting from Mozilla is enabled
- Pref: extensions.blocklist.enabled
- URL: https://blocklist.addons.mozilla.org/
- Extension Updating
- Pref: extensions.update.background.url
- Url: https://versioncheck.addons.mozilla.org
- 'Get Add-Ons' - this happens if you choose that tab in Tor Browser
- Pref: extensions.getAddons.*
- URL: https://services.addons.mozilla.org
- Extension Discovery - not sure what this is
- Pref: extensions.webservice.discoverURL
- https://discovery.addons.mozilla.org/
- Customize -> Themes -> Get More Themes opens a tab with this url
- Pref: lightweightThemes.getMoreURL
- URL: https://addons.mozilla.org/
- There's some stuff about media.gmp* but I'm not sure what this is...
- Firefox Sync
- Left uninvestigated due to the assumption that while I believe you
_can_ use this in Tor Browser, that no one does. (and I have no idea how
it would behave)
- Devtools
- It appears devtools.devices.url
(https://code.cdn.mozilla.net/devices/devices.json) will get downloaded
for a database of device information.
- WebIDE will auto-install extensions from https://ftp.mozilla.org/
- In particular I saw devtools.webide.adaptersAddonURL and
devtools.webide.adbAddonURL but devtools.webide.simulatorAddonsURL looks
like another one
- And templates downloaded from devtools.webide.templatesURL
- OneCRL and other Kinto-based services (This may not be in ESR 45 but
will be in 52)
- Services: OneCRL, 'addons', 'gfx', 'plugins'
- OneCRL is certificate blacklisting
- gfx is disabling hardware acceleration for graphics cards or drivers,
see https://wiki.mozilla.org/Blocklisting/Graphics
- I am unsure how addon/plugin blacklisting functions here compared to
the above blocklist.
- Pref: services.settings.server and services.blocklist.*
- URL: https://firefox.settings.services.mozilla.com/v1
- Example:
https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/records
(I couldn't figure out what a link to an actual data source would be...)
- Crash Reporter and Telemetry are disable
I researched what would happen if Mozilla's blocklist was used against the
Tor add-ons. The next restart of Tor Browser would have the add-ons
disabled; and browsing would not work, giving an error that the proxy
server is refusing connections.
I confirmed that extensions.systemAddons were not enabled. I also put some
random other notes in #19048
Based off of all of this I am going to propose Mozilla start with one of
the following with the choice probably being whichever one is easiest:
- https://versioncheck.addons.mozilla.org - This one may be most
preferable, as the version check can be initiated by the user, which
allows for easy testing.
- https://blocklist.addons.mozilla.org
- https://firefox.settings.services.mozilla.com
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21200#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list