[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #19048 [Applications/Tor Browser]: Review Firefox Developer Docs and Undocumented bugs since FF45esr

#19048: Review Firefox Developer Docs and Undocumented bugs since FF45esr
--------------------------------------------+--------------------------
 Reporter:  gk                              |          Owner:  tbb-team
     Type:  task                            |         Status:  new
 Priority:  Medium                          |      Milestone:
Component:  Applications/Tor Browser        |        Version:
 Severity:  Normal                          |     Resolution:
 Keywords:  ff52-esr, TorBrowserTeam201702  |  Actual Points:
Parent ID:                                  |         Points:
 Reviewer:                                  |        Sponsor:  Sponsor4
--------------------------------------------+--------------------------

Comment (by mcs):

 Replying to [comment:5 tom]:
 > We will want to set browser.selfsupport.enabled to false to disable
 Normandy aka Shield aka Self Support aka Self Repair. To be safe we can
 also redirect browser.selfsupport.url

 This is already done; see #18738.

 > We probably want to disable stuff under browser.uitour.

 We already have `browser.uitour.enabled = false` but to be even safer
 maybe we should modify the browser.uitour prefs that contain URLs?

 > I'm not sure how to get to it in 52, but in 53, the WebIDE auto-installs
 some extensions it downloads from Mozilla. Probably best to disable it via
 devtools.webide.enabled

 We already have the following in browser/app/profile/000-tor-browser.js:
  pref("devtools.webide.autoinstallADBHelper", false);
  pref("devtools.webide.autoinstallFxdtAdapters", false);
  pref("devtools.webide.enabled", false);
  pref("devtools.appmanager.enabled", false);


 > The Telemetry experiments features should be disabled (experiments.*)

 Agreed.

 > There is something called "Extensions Discovery" governed by
 extensions.getAddons.showPane

 Setting that pref to false removes the "Get Add-ons" panel from
 about:addons. I don't think we have to remove it, but doing so would
 discourage use of add-ons in Tor Browser (and we don't have any control
 over what add-ons Mozilla might show on that panel).

 > Probably want to disable security.ssl.errorReporting

 Agreed.

 > There's something called 'Social' under social.* including the scary one
 social.remote-install.enabled

 It looks like we have #13612 for this. We should look at it for ESR52.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19048#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs