Open Bug 1091942 Opened 5 years ago Updated 11 hours ago

Adjust preference white/blacklisting in Troubleshoot.jsm to ensure no PII/fingerprints are exposed

Categories

(Firefox :: General, defect)

defect
Not set

Tracking

()

People

(Reporter: markh, Unassigned)

References

(Blocks 1 open bug)

Details

about:support contains prefs that are potentially personally identifying.  Examples includes prefs with the complete profile directory, eg:

media.gmp-gmpopenh264.path=C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\1bqlg77d.default\gmp-gmpopenh264 (with the real username)

and other concerns from bsmedberg:

1) because this whitelist is a prefix whitelist and has some very large branches, it's hard to reason about the privacy implications of the change especially over time. If the whitelist was mostly individual pref names, I'd be a lot more comfortable with my understanding.

2) Just viewing my own about:support data, I have concerns about the fingerprintability of the following prefs:

media.gmp-gmpopenh264.lastUpdate
places.database.lastMaintenance
storage.vacuum.last.places.sqlite

Because those numbers are absolute instead of relative to the current time, they are pretty highly identifying across multiple reports.

This is a concern both for about:support (where we typically ask users to paste the complete output somewhere) and also for bug 1079563 which is exposing some of this about:support data to whitelisted sites.
Blocks: 1091944
hi, it would be rather important for sumo contributors to have the modified preferences included when accessing the troubleshooting information data (bug 1091944).

the four particular examples you've mentioned (media.gmp*-path and timestamps) aren't particularly important to troubleshoot issues and i think they could just be scrapped from about:support in general.
See Also: → 1611980
You need to log in before you can comment on or make changes to this bug.