[tor-bugs] #33003 [Applications/Tor Browser]: Tor browser / Firefox telemetry data

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jan 23 11:03:52 UTC 2020

#33003: Tor browser / Firefox telemetry data
 Reporter:  cypherpunks               |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_information
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  TorBrowserTeamTriaged     |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:

Comment (by cypherpunks):

 > Their existence is not a bug

 Still that same existence is an open door to anti-privacy. Suppose a case
 when the user plays with `about:config` or other preferences and
 inadvertently enables an anti-privacy feature such as telemetry or
 anything else which exists in Firefox. If the URLs had been removed he
 would not be able to de-anonymize the browser. IOW not having those URLs
 can be seen as a precaution.

 > if they are used in unexpected ways, then that may be a bug.

 As I mentioned initially, my personal expectation from a privacy
 respecting browser is 0 (zero) background connections, i.e. ones not
 initiated by me explicitly or through a setting which I explicitly set-up.
 This means: out of the box there should be no connections other than those
 related to typed URLs. I suppose HTTPS-E must be considered along these
 lines too as it has some mechanism for remote updates. All that should be
 an opt-in on first run.

 > This happens occasionally, but are you reporting this is happening now?

 I don't know how to tcpdump the connections which Tor Browser makes as I
 don't know how to tcpdump anything that passes through Tor. If you explain
 how to do this I can try.

 > Can you provide steps for reproducing it?

 I found this which seem related to all those background connections (in


 Note how Mozilla (that "privacy respecting" and "non-profit" organization)
 closed this as WONTFIX and linked it to another bug report which was also
 closed as WONTFIX. To date these automatic connections in Firefox persist
 and their documentation about how to disable them is still not complete.
 Mozilla Firefox's privacy policy is an anti-privacy policy. Just read:


 By default they *share* a lot. But private means not shared, i.e. the

 In contrast ungoogled-chromium makes zero background connections out of
 the box (tested). Perhaps it is a better alternative for being a new basis
 for Tor Browser because it can already be configured to work through Tor
 proxy, so all it needs is some fine tuning about reducing the fingerprint.
 What do you say? (I realize this is not a bug report but a wider
 discussion. Please advise where it is appropriate to talk about that if
 you think it is worthwhile)

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33003#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list