[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #32418 [Applications/Tor Browser]: Torbrowser tells on every start, that it can't update although it is newest
#32418: Torbrowser tells on every start, that it can't update although it is newest
--------------------------------------+-----------------------------------
Reporter: Yeti | Owner: tbb-team
Type: defect | Status: needs_information
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-update | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+-----------------------------------
Changes (by mcs):
* cc: tbb-team (added)
Comment:
Replying to [comment:7 Yeti]:
> Status "needs_information"... which information is needed exactly?
I believe I changed the status to `needs_information` after I posted
comment:4. We discussed this ticket during our Tor Browser meeting on
25-November-2019. The consensus was that we should avoid creating and
maintaining a patch for this if we can possibly avoid doing so (we know
Mozilla will not accept such a patch). Some suggestions were made during
the meeting which we have now investigated:
Idea 1: Tell users to set `app.update.url` to a value that will not cause
an update prompt. Unfortunately, end-users cannot do this in a way that
persists across browser restarts (this is by design; Mozilla does not want
malware to be able to easily disable updates).
Idea 2: Learn from what Tails did to address this issue (see
https://redmine.tails.boum.org/code/projects/tails/repository/revisions/e43247dd2558dd391342855796e18c3186a43807).
Tails uses a multi-faceted approach:
1. Permanently point the `app.update.url` preference to a non-existent
place. Tails accomplishes this by modifying one of the `omni.ja` files
within the Tor Browser package, which is not a solution we can recommend
to end-users.
2. Set `app.update.disabledForTesting` to `true`. Unfortunately, that
preference has no effect outside of test runs, i.e., it is ignored unless
the browser is running under Marionette control.
3. Set `app.update.doorhanger` to `false`. This will suppress most of the
update-related prompts. However, the older update UI will be used which
means that eventually a windowed prompt will be shown to tell users that
their browser may be out of date. Also, this is not a long term solution
because Mozilla removed support for this pref from recent versions of
Firefox. However, it is something that end-users can experiment with in
Tor Browser 9.x.
4. Set `app.update.auto` to `false`. This will prevent automatic updates
but won't suppress prompts or prevent download attempts. Tails sets this
as a "defense in depth" measure to avoid any chance of an automatic
update. I don't think this will be helpful for the scenario covered by
this ticket.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32418#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs