[tor-commits] [tor-browser/tor-browser-60.4.0esr-8.5-1] Bug 12885: Windows Jump Lists fail for Tor Browser

gk at torproject.org gk at torproject.org
Fri Jan 25 07:52:16 UTC 2019


commit f4606d1c1c35eb36edf3c7cd6b2904be01f19f32
Author: Richard Pospesel <richard at torproject.org>
Date:   Fri Jan 25 07:51:14 2019 +0000

    Bug 12885: Windows Jump Lists fail for Tor Browser
    
    Jumplist entries are stored in a binary file in:
      %APPDATA%\\Microsoft\Windows\Recent\CustomDestinations\
    and has a name in the form
      [a-f0-9]+.customDestinations-ms
    
    The hex at the front is unique per app, and is ultimately derived from
    something called the 'App User Model ID' (AUMID) via some unknown
    hashing method. The AUMID is provided as a key when programmatically
    creating, updating, and deleting a jumplist. The default behaviour in
    firefox is for the installer to define an AUMID for an app, and save it
    in the registry so that the jumplist data can be removed by the
    uninstaller.
    
    However, the Tor Browser does not set this (or any other) regkey during
    installation, so this codepath fails and the app's AUMID is left
    undefined. As a result the app's AUMID ends up being defined by
    windows, but unknowable by Tor Browser. This unknown AUMID is used to
    create and modify the jumplist, but the delete API requires that we
    provide the app's AUMID explicitly. Since we don't know what the AUMID
    is (since the expected regkey where it is normally stored does not
    exist) jumplist deletion will fail and we will leave behind a mostly
    empty customDestinations-ms file. The name of the file is derived from
    the binary path, so an enterprising person could reverse engineer how
    that hex name is calculated, and generate the name for Tor Browser's
    default Desktop installation path to determine whether a person had
    used Tor Browser in the past.
    
    The 'taskbar.grouping.useprofile' option that is enabled by this patch
    works around this AUMID problem by having firefox.exe create it's own
    AUMID based on the profile path (rather than looking for a regkey). This
    way, if a user goes in and enables and disables jumplist entries, the
    backing store is properly deleted.
    
    Unfortunately, all windows users currently have this file lurking in
    the above mentioned directory and this patch will not remove it since it
    was created with an unknown AUMID. However, another patch could be
    written which goes to that directory and deletes any item containing the
    'Tor Browser' string.  See bug 28996.
---
 browser/app/profile/000-tor-browser.js | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js
index 2b238dd87c1b..11027f4c9a3a 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -326,6 +326,18 @@ pref("browser.onboarding.newtour", "welcome,privacy,tor-network,circuit-display,
 pref("browser.onboarding.updatetour", "welcome,privacy,tor-network,circuit-display,security,expect-differences,onion-services");
 pref("browser.onboarding.skip-tour-button.hide", true);
 
+// prefs to disable jump-list entries in the taskbar on Windows (see bug #12885)
+#ifdef XP_WIN
+// this pref changes the app's set AUMID to be dependent on the profile path, rather than
+// attempting to read it from the registry; this is necessary so that the file generated
+// by the jumplist system can be properly deleted if it is disabled
+pref("taskbar.grouping.useprofile", true);
+pref("browser.taskbar.lists.enabled", false);
+pref("browser.taskbar.lists.frequent.enabled", false);
+pref("browser.taskbar.lists.tasks.enabled", false);
+pref("browser.taskbar.lists.recent.enabled", false);
+#endif
+
 #ifdef TOR_BROWSER_VERSION
 #expand pref("torbrowser.version", __TOR_BROWSER_VERSION__);
 #endif



More information about the tor-commits mailing list