1122046 - Whitelist of user preferences to send with Telemetry Pings.

Status: RESOLVED FIXED

(Firefox Health Report Graveyard :: Client: Desktop, defect)

Description

[Alessio Placitelli [:Dexter]]

We need to compile a list of user preferences to watch for changes and send along with Telemetry Pings.

Comment 1

[Benjamin Smedberg]

Attachment: telemetry-prefs-list.txt

Here's an initial list. Note that there is a little complexity here, in that for some prefs we want to record the fact that there is a non-default value without actually recording that value: e.g. browser.startup.homepage we want to know if it has been changed, but not the actual value.

Comment 2

[Benjamin Smedberg]

Comment on attachment 8554686 [details]
telemetry-prefs-list.txt

Georg, please review for technical sanity.

Vladan, please review for the privacy implications of collecting these prefs.

Comment 3

[Georg Fritzsche [:gfritzsche]]

Comment on attachment 8554686 [details]
telemetry-prefs-list.txt

> Prefs should only be recorded in the environment if they are a non-default value.
> Prefs marked with a * should only record whether the pref is a non-default setting;
> the actual value should not be recorded

That sounds good.

> dom.ipc.plugins.enabled
Also:
dom.ipc.plugins.enabled.i386
dom.ipc.plugins.enabled.x86_64

> browser.newtab.url
Also sensitive data?

Comment 4

[Georg Fritzsche [:gfritzsche]]

(In reply to Georg Fritzsche [:gfritzsche] from comment #3)
> > dom.ipc.plugins.enabled
> Also:
> dom.ipc.plugins.enabled.i386
> dom.ipc.plugins.enabled.x86_64

What about flash- or java-specific overrides?

Comment 5

[Georg Fritzsche [:gfritzsche]]

Do you want the upcoming browser.selfsupport.enabled in the list? (bug 1111022)

Comment 6

[Benjamin Smedberg]

Sure.

Comment 7

[Benjamin Smedberg]

The Firefox UI doesn't expose a way to change browser.newtab.url; I'm recording it to see how much it gets hijacked (I know of at least one malware addon which hijacks it). So I don't think the value is sensitive.

At this point I'm not particularly worried about the details of ipc.plugins.enabled bits. You can include more if you like, but the plugin-specific settings are probably overkill.

Comment 8

[Vladan Djeric (:vladan)]

Comment on attachment 8554686 [details]
telemetry-prefs-list.txt

I'm against submitting the browser.newtab.url. Even if was an addon that changed browser.newtab.url, the URL could contain user-identifying data (e.g. an email address or userID). 

There are also sites that instruct users to manually change their newtab url, e.g. do a search for "browser.newtab.url".

Even if we just reported the TLD portion of the URL, I'd be hesitant to send that to our servers.

Why not just treat this the same way as browser.startup.homepage?

Comment 9

[Vladan Djeric (:vladan)]

Also, please add layout.css.devPixelsPerPx pref to this list. It shows text scaling and can affect performance

Comment 10

[Vladan Djeric (:vladan)]

*it controls text scaling

Comment 11

[Georg Fritzsche [:gfritzsche]]

(In reply to Vladan Djeric (:vladan) from comment #8)
> Comment on attachment 8554686 [details]
> telemetry-prefs-list.txt
> 
> I'm against submitting the browser.newtab.url. Even if was an addon that
> changed browser.newtab.url, the URL could contain user-identifying data
> (e.g. an email address or userID). 
> 
> There are also sites that instruct users to manually change their newtab
> url, e.g. do a search for "browser.newtab.url".
> 
> Even if we just reported the TLD portion of the URL, I'd be hesitant to send
> that to our servers.
> 
> Why not just treat this the same way as browser.startup.homepage?

Comment 12

[Benjamin Smedberg]

ok, do browser.newtab.url like the homepage
devPixelsPerPx is ok