Whitelist of user preferences to send with Telemetry Pings.

RESOLVED FIXED

Status

RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: Dexter, Assigned: benjamin)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

4 years ago
We need to compile a list of user preferences to watch for changes and send along with Telemetry Pings.
(Reporter)

Updated

4 years ago
Blocks: 1120356
(Assignee)

Updated

4 years ago
Assignee: nobody → benjamin
(Assignee)

Comment 1

4 years ago
Created attachment 8554686 [details]
telemetry-prefs-list.txt

Here's an initial list. Note that there is a little complexity here, in that for some prefs we want to record the fact that there is a non-default value without actually recording that value: e.g. browser.startup.homepage we want to know if it has been changed, but not the actual value.
(Assignee)

Comment 2

4 years ago
Comment on attachment 8554686 [details]
telemetry-prefs-list.txt

Georg, please review for technical sanity.

Vladan, please review for the privacy implications of collecting these prefs.
Attachment #8554686 - Flags: review?(vdjeric)
Attachment #8554686 - Flags: review?(gfritzsche)
Blocks: 1122048
No longer blocks: 1120356
Comment on attachment 8554686 [details]
telemetry-prefs-list.txt

> Prefs should only be recorded in the environment if they are a non-default value.
> Prefs marked with a * should only record whether the pref is a non-default setting;
> the actual value should not be recorded

That sounds good.

> dom.ipc.plugins.enabled
Also:
dom.ipc.plugins.enabled.i386
dom.ipc.plugins.enabled.x86_64

> browser.newtab.url
Also sensitive data?
Attachment #8554686 - Flags: review?(gfritzsche) → review+
(In reply to Georg Fritzsche [:gfritzsche] from comment #3)
> > dom.ipc.plugins.enabled
> Also:
> dom.ipc.plugins.enabled.i386
> dom.ipc.plugins.enabled.x86_64

What about flash- or java-specific overrides?
Blocks: 1120356
No longer blocks: 1122048
Do you want the upcoming browser.selfsupport.enabled in the list? (bug 1111022)
(Assignee)

Comment 6

4 years ago
Sure.
(Assignee)

Comment 7

4 years ago
The Firefox UI doesn't expose a way to change browser.newtab.url; I'm recording it to see how much it gets hijacked (I know of at least one malware addon which hijacks it). So I don't think the value is sensitive.

At this point I'm not particularly worried about the details of ipc.plugins.enabled bits. You can include more if you like, but the plugin-specific settings are probably overkill.
Comment on attachment 8554686 [details]
telemetry-prefs-list.txt

I'm against submitting the browser.newtab.url. Even if was an addon that changed browser.newtab.url, the URL could contain user-identifying data (e.g. an email address or userID). 

There are also sites that instruct users to manually change their newtab url, e.g. do a search for "browser.newtab.url".

Even if we just reported the TLD portion of the URL, I'd be hesitant to send that to our servers.

Why not just treat this the same way as browser.startup.homepage?
Attachment #8554686 - Flags: review?(vdjeric)
Also, please add layout.css.devPixelsPerPx pref to this list. It shows text scaling and can affect performance
*it controls text scaling
(In reply to Vladan Djeric (:vladan) from comment #8)
> Comment on attachment 8554686 [details]
> telemetry-prefs-list.txt
> 
> I'm against submitting the browser.newtab.url. Even if was an addon that
> changed browser.newtab.url, the URL could contain user-identifying data
> (e.g. an email address or userID). 
> 
> There are also sites that instruct users to manually change their newtab
> url, e.g. do a search for "browser.newtab.url".
> 
> Even if we just reported the TLD portion of the URL, I'd be hesitant to send
> that to our servers.
> 
> Why not just treat this the same way as browser.startup.homepage?
Flags: needinfo?(benjamin)
(Assignee)

Comment 12

4 years ago
ok, do browser.newtab.url like the homepage
devPixelsPerPx is ok
Flags: needinfo?(benjamin)
(Assignee)

Updated

4 years ago
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
Blocks: 1129252
Blocks: 1129253
You need to log in before you can comment on or make changes to this bug.