Closed Bug 401267 Opened 17 years ago Closed 17 years ago

KB article: Firefox makes unrequested connections

Categories

(support.mozilla.org :: Knowledge Base Articles, task)

Product:
support.mozilla.org
Component:
Knowledge Base Articles
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: jason.barnabe, Assigned: stevee)

References

(
URL
)

Details

People are suspicious of Firefox making requests they didn't explicitly ask for (anti-phishing, live bookmarks, software updates, loopback, etc).. Explain what each one is and how to turn it off.

Source data:
http://kb.mozillazine.org/Connections_established_on_startup_-_Firefox (this is about at startup only)
Assignee: nobody → steve.england
Status: ASSIGNED → NEW
Status: NEW → ASSIGNED
Steve, that's great news! Let me know if you need any help or have any questions. Please mark this bug as FIXED when you feel the article is ready for review. Thanks!
--> FIXED

I believe the article is now in a state for review.
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Some notes:
- What do you think of replacing the bullets with headings?
- Avoid linking to bugs.
- You can use content id's for opening the options window. See <http://support.mozilla.com/kb/Content+IDs>.

If you prefer headings to bullets then I can make that change no probs; This would then let me use the content id's. (As they are currently defined, I couldn't get them to work with the indentation I was using).

I did read somewhere that one shouldn't link to bugs, but i thought in this case it might be acceptable. I think this article will only ever get read by the uber-anal everyone's-spying-on-me anonymous-proxy-using bit-counting paranoid types that know about networking and loopback connections and that kind of stuff. In this circumstance, they'd probably appreciate some tech-talk by devs on why firefox makes a loopback connection. But if you still want me to remove it, then it shall be done.
Yes, use headings. This allows us to use dynamic content for opening the options window.

If you feel this should be an exception to not-linking-to-bugs, that's fine. I just wanted to make sure you were aware of that.
Thanks for the feedback Chris - the article looks much better (and its source is easier to read) with headings.
-Can we replace the word "paranoid" with "concerned"? I don't want to call users paranoid.
-Does "non-Unix" mean Windows?
-Live Bookmarks reload, not refresh.
-"for your add-ons (extensions, themes, etc)" What's "etc" here? I didn't realize anything updated other than extensions and themes. If there is more, you don't need to include to list them, just keep this as is.
-"untick" isn't a word.
-Include instructions on what to do if the about:config prefs are already set the "right" way. It's obvious to us that you should do nothing, but I've seen a few comments so far on other articles where people get confused.
-"If you use them, your microsummary bookmark(s) may be updating themselves." If you don't use them, they still will be updating themselves. I think you mean "If you have microsummary bookmarks, they may be updating themselves".
-Is the Microsummaries page on w.m.o useful?
-If you can find a way to have the Extensions section not repeat itself, that'd be good.
-Don't use the the "bookmark(s)" and "Download(s)" form. Just make it plural.
> -Does "non-Unix" mean Windows?

Waiting for kaie to return from his holidays so I can ask him about bug 100154 comment 10

> -"for your add-ons (extensions, themes, etc)" What's "etc" here? I didn't
> realize anything updated other than extensions and themes. If there is more,
> you don't need to include to list them, just keep this as is.

I believe it's technically possible for a plugin to have an update found through the addons update check - although I know of none that currently do.

> -"untick" isn't a word.

Blimey. It's not is it o_O How should i phrase the bits where you have to untick a tickbox ;-)

> -Is the Microsummaries page on w.m.o useful?

I don't think many people have microsumamries, but because they don't know what they are, they won't know they don't have any. I'd prefer to link to a sumo article, but since there's not one knocked up yet, I can't. (My next article perhaps)

The rest of the comments are A-OK with me.
Other articles use "uncheck", but that may or may not be a word either, depending on who you ask.

We'll leave it at "non-Unix" for now. If you find out that that means just Windows, change it later.

But this article is good enough to go live now. I've approved the changes, good work.
Status: RESOLVED → VERIFIED
WRT using the microsummaries link, that is what is used in the Fx2 release notes:
<http://www.mozilla.com/en-US/firefox/2.0/releasenotes/#whatsnew>

However, the terminology in the UI (and the relnotes) is "Live Titles", not "Microsummaries"; so we should be referring to them as Live Titles.
OK I think i've addressed all the points made in comment 8 with revision 9 of the staging copy of the article

I think for users it will be hard for them to understand the difference between Live Bookmarks and Live Titles. I also think that a Live Title is the end result of a Microsumamry, so I've left the microsummary link in the Live Title heading.
A la bug 415168, <ping> has been disabled by default because "The spec has changed under us so we're now at a state of no UI, no good proposal for a UI, and no compliant implementation."

So I guess this means it's not going to work, so should we remove the 'Link pinging' section from this article, or leave it in in case someone turns it on and someone else implements firefox's non-compliant implementation to somehow track people?
I'm concerned that we have absolutely no warnings for users that turning off the auto updating and the extension blacklisting can be a bad idea.
We have to provide support for Firefox 2 as well, until it reaches EOL.
I suggest you update <http://wiki.mozilla.org/Support/Firefox3:Articles>; so we can apply the changes when Firefox 3 is released.
Ahh, okay, no I see that section only applies to Firefox 3.
I that case, let's remove the section.
OK I've removed the <a ping> section. Do you want me to add anything wrt Lucy's comment 14? Either
1) one warning at the top that disabling some of these features can effect the security of firefox, or
2) warnings in the specific heading that would effect security if turned off, eg: Auto-update checking, Anti-phishing list updating, Anti-malware list updating, and Extension blacklist updating

?
It might be better just to comment the ping stuff out and leave a note why it's not in the article rather than remove it. Otherwise I can see someone not knowing it's disabled and adding it back at a later date.
Seeing as it is not enabled on any end-user release, and there's no UI (thus forcing the user already knowing of the feature to use about:config and see that it is disabled), I'd say the chances of someone tying to add it are very slim.

With regards to a warning on disabling extension auto-update, put the warning in the actual section. This way, the user knows which features result in better security.

By the way, considering this article is already in the KB (VERIFIED FIXED), we should use the staging article comments, rather than bugzilla. :-)
You need to log in before you can comment on or make changes to this bug.