Re: [tor-bugs] #27268 [Applications/Tor Browser]: preferences cleanup

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#27268: preferences cleanup
-------------------------------------------------+-------------------------
 Reporter:  rzb                                  |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ff68-esr, TorBrowserTeam201910R,     |  Actual Points:
  GeorgKoppen201910                              |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 Replying to [comment:21 Thorin]:
 > Replying to [comment:20 gk]:
 > > Great work! I'll start with a patch for the first three sections. What
 should we set `intl.charset.fallback.override` to in your opinion?
 >
 > IMO this shouldn't be done here: but rather be tied to
 privacy.spoof_english: see
 https://trac.torproject.org/projects/tor/ticket/20025#comment:5 .. the
 solution part
 >
 > > > Set `intl.charset.fallback.override` = `windows-1252` when
 `privacy.spoof_english` = `2`, and reset it when `privacy.spoof_english`
 !== `2`. Do this upstream

 I see.

 > > `bug_27268` (https://gitweb.torproject.org/user/gk/tor-
 browser.git/log/?h=bug_27268) has the first batch of prefs fixups for
 review (two commits). There is a Torbutton patch, too, in `bug_27268`
 (https://gitweb.torproject.org/user/gk/torbutton.git/commit/?h=bug_27268&id=a2eac79bab7c2afa17cd45109a5669cf528215c0):
 Note, I removed `security.pki.sha1_enforcement_level` as well even though
 the pref is still in action. But we set it to a lower value than Mozilla
 ships today which we should not do.
 >
 > Urgent, Deprecated + Not-in-DXR (first three sections) check: I don't
 see the following being removed
 > - intl.charset.default
 > - media.gmp-eme-adobe.visible
 > - media.gmp-eme-adobe.enable
 > - browser.download.manager.scanWhenDone
 > - browser.download.manager.retention

 Huh, you are right. `bug_27268_v2` (https://gitweb.torproject.org/user/gk
 /tor-browser.git/log/?h=bug_27268_v2) should fix that. The eme prefs were
 removed earlier on on our latest branch.

 > And I don't see a dom.netinfo.enabled in the tor button code

 Hrm. I am not sure yet what we should do. While we don't defend against os
 fingerprinting leaving the netinfo state the way it is seems a bit lame. I
 guess we should disable it everywhere?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27268#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs