Closed Bug 269120 Opened 20 years ago Closed 19 years ago

no UI for "network.prefetch-next" pref

Categories

(Firefox :: Settings UI, defect)

Product:
Firefox
Component:
Settings UI
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: jerome.bouat, Assigned: bugzilla)

References

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.7.5) Gecko/20041108 Firefox/1.0
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.7.5) Gecko/20041108 Firefox/1.0

I had this option in Mozilla 1.7.2 .

For home computing, I use the links preloading but I disable it on work stations
at my work place since it overloads our enterprise proxy.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.
You can turn that off by going to about:config and changing the value of
network.prefetch-next to false.

I doubt there will ever be UI in FF to expose that setting.
Summary: no option for linked pages preloading → no UI for "network.prefetch-next" pref
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → WONTFIX
Status: RESOLVED → UNCONFIRMED
Resolution: WONTFIX → ---
This isn't something we need UI for in Firefox.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago19 years ago
Resolution: --- → WONTFIX
*** Bug 309776 has been marked as a duplicate of this bug. ***
Almost without exception, every person (ordinary users that are not programmers)
I've asked voiced a strong desire to see a UI method to disable prefetching.
PLEASE: as numerous users have already requested, both disable link prefetching
by default, and add an interface for those who want it enabled.  If link
prefetching gets abused, the ramifications can me significant.  If you think
this is just baseless paranoia, consider the following hypothetical, but
possible, scenario:

You are a Firefox user on a corporate network.  You visit an innocuous looking
site to gather information for some research you are conducting.  Unbeknownst to
you, the site either was setup by someone malicious or was hacked and the HTML
code modified.  This site contains a lot of useful information, so you are there
for a considerable amount of time.  Meanwhile, your Firefox browser is
prefetching child pr0n through links you cannot actually see, because they have
been coded as a single dot, over a same-color background in a very thin or
"collapsed" (and thus unnoticaeble) frame at the very bottom of every page you
visit (either that or the links are just placed at the very bottom of every page
and likewise disguised).

To make matters worse, you go through your company's proxy server, which is
happily caching all the images, and your corporate content filter is quite
happily passing it all, because the source URL is new (thus not in the filtering
list) and filenames all look fine.

So the Mozilla dev retorts, "yeah but... you're not technically downloading the
files yourself" - never mind that they are being stored both on the company's
servers and in you browser cache.  Things couldn't get any worse now could they?
 Wanna bet...

Three days later, US Federal agents come a knocking, wondering who their bad boy
is.  They'd been monitoring Internet traffic and noticed the illicit activity. 
They confiscate the company's servers and your computer and find all the
evidence they need to put you away for a long time.

"But," you say, "surely they would be able to prove that it was the Firefox
prefetch that did it and not you!"  Riggghhhhht.  Keep dreaming.  They are so
incensed by your "conduct" and now they have a conviction; nuff said.  You're a
n00b and no one else has clued in to the prefetch possibility.  The evidence is
on your computer.  The agents are happy they got "a pervert" off the streets. 
The company doesn't want any of it to stick to them, so they're going to help
the agents nail you as expediently as possible.  Few people really liked you
anyways.  For all they know, you could have saved the actual downloads on some
removable media then destroyed it.  You have no alibi.  Besides, after the media
circus, kiss any reputation you may have had left goodbye.  You're ruined... You
are incarcerated.  A few days later, the coroner pays you a visit.  

I would seriously reconsider the default ("as-shipped") condition of this
feature.  Well, I've just turned off link prefetching, thank you very much.  Now
how about you?
IU: disabling link prefetching will not solve the problem you are concerned
about.  it is trivial to make a web page fetch images that will not appear to
the user.  link prefetching adds very little by way of a vector for abuse here.
 consider this simple HTML page:

  <html>
  <body>
    blah...
    <img src="http://evil.com/pr0n.jpg" width="1" height="1">
    blah...
  </body>
  </html>

no link prefetching is involved, and yet an unwanted image is fetched that goes
unnoticed by the user.   enough said.
Hmmm.  Good point.  Forgot all about that capability. :-)


Just because a web page has a web bug (embedded image from another website) DOES NOT justify the mozilla team's decision to embed a privacy-violating feature in Firefox, enabled it by DEFAULT, and provide no simple UI mechanism to disable the feature.

So, your are saying that if some webmasters are doing evil tricks, that justifies Firefox doing something similar, without even providing a simple mechanism for users to turn off the feature?   Sheesh.

BTW, Firefox has a nice, friendly UI control to disable loading of images other than from the originating website.  Darin, your argument obviously lacks sound logic.

So obviously we need a Firefox plugin to fix what the Firefox team refuses to fix.  Any takers?
> So, your are saying that if some webmasters are doing evil tricks, that
> justifies Firefox doing something similar, without even providing a simple
> mechanism for users to turn off the feature?   Sheesh.

No, I'm saying that it is better to have websites inform Firefox that they intend to prefetch content.  That way, the browser can defer prefetching until the visible content is loaded, serialize the prefetching, and generally ensure that it works better for the user and the website.  I contend that "link prefetching" as implemented in mozilla does not give websites anymore capability to "do evil" than what they already have.


> BTW, Firefox has a nice, friendly UI control to disable loading of images 
> other than from the originating website.

Who said the offensive images could not come from the originating site?  Any site you visit has the power to send you offensive images, and this is possible even if you disable all support for images in the browser.  The site can simply send the image as text/plain to a hidden <IFRAME>, and the browser will happily insert the image _data_ into your web cache.
sorry for bugspam, long-overdue mass reassign of ancient QA contact bugs,
filter on "beltznerLovesGoats" to get rid of this mass change
QA Contact: mconnor → preferences
You need to log in before you can comment on or make changes to this bug.