1091942 - Adjust preference white/blacklisting in Troubleshoot.jsm to ensure no PII/fingerprints are exposed

Status: NEW

(Firefox :: General, defect)

Description

[Mark Hammond [:markh] [:mhammond]]

about:support contains prefs that are potentially personally identifying.  Examples includes prefs with the complete profile directory, eg:

media.gmp-gmpopenh264.path=C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\1bqlg77d.default\gmp-gmpopenh264 (with the real username)

and other concerns from bsmedberg:

1) because this whitelist is a prefix whitelist and has some very large branches, it's hard to reason about the privacy implications of the change especially over time. If the whitelist was mostly individual pref names, I'd be a lot more comfortable with my understanding.

2) Just viewing my own about:support data, I have concerns about the fingerprintability of the following prefs:

media.gmp-gmpopenh264.lastUpdate
places.database.lastMaintenance
storage.vacuum.last.places.sqlite

Because those numbers are absolute instead of relative to the current time, they are pretty highly identifying across multiple reports.

This is a concern both for about:support (where we typically ask users to paste the complete output somewhere) and also for bug 1079563 which is exposing some of this about:support data to whitelisted sites.

Comment 1

[[:philipp]]

hi, it would be rather important for sumo contributors to have the modified preferences included when accessing the troubleshooting information data (bug 1091944).

the four particular examples you've mentioned (media.gmp*-path and timestamps) aren't particularly important to troubleshoot issues and i think they could just be scrapped from about:support in general.