Open
Bug 1091942
Opened 10 years ago
Updated 2 years ago
Adjust preference white/blacklisting in Troubleshoot.jsm to ensure no PII/fingerprints are exposed
Categories
(Firefox :: General, defect)
Firefox
General
Tracking
()
NEW
People
(Reporter: markh, Unassigned)
References
(Blocks 1 open bug)
Details
about:support contains prefs that are potentially personally identifying. Examples includes prefs with the complete profile directory, eg: media.gmp-gmpopenh264.path=C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\1bqlg77d.default\gmp-gmpopenh264 (with the real username) and other concerns from bsmedberg: 1) because this whitelist is a prefix whitelist and has some very large branches, it's hard to reason about the privacy implications of the change especially over time. If the whitelist was mostly individual pref names, I'd be a lot more comfortable with my understanding. 2) Just viewing my own about:support data, I have concerns about the fingerprintability of the following prefs: media.gmp-gmpopenh264.lastUpdate places.database.lastMaintenance storage.vacuum.last.places.sqlite Because those numbers are absolute instead of relative to the current time, they are pretty highly identifying across multiple reports. This is a concern both for about:support (where we typically ask users to paste the complete output somewhere) and also for bug 1079563 which is exposing some of this about:support data to whitelisted sites.
Comment 1•9 years ago
|
||
hi, it would be rather important for sumo contributors to have the modified preferences included when accessing the troubleshooting information data (bug 1091944). the four particular examples you've mentioned (media.gmp*-path and timestamps) aren't particularly important to troubleshoot issues and i think they could just be scrapped from about:support in general.
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•