Closed
Bug 1428583
Opened 7 years ago
Closed 7 years ago
[privacy]Disable thumbnails if all open windows are in Private Browsing mode
Categories
(Firefox :: New Tab Page, defect, P2)
Tracking
()
People
(Reporter: marcin2006, Assigned: ursula)
References
Details
(Keywords: privacy)
Attachments
(1 file)
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0
Build ID: 20171207194519
Steps to reproduce:
Hello,
upon Firefox start on Linux with firejail with options firefox --private-window --safe-mode I can instantly see following connections:
tcp 0 0 192.168.1.2:38214 2.17.157.111:443 ESTABLISHED
tcp 0 0 192.168.1.2:59480 216.58.209.46:80 ESTABLISHED
tcp 0 0 192.168.1.2:49582 216.58.209.46:443 ESTABLISHED
tcp 0 0 192.168.1.2:36582 2.22.52.82:80 ESTABLISHED
tcp 0 0 192.168.1.2:60996 216.58.209.40:443 ESTABLISHED
tcp 0 0 192.168.1.2:51464 216.58.209.35:443 ESTABLISHED
tcp 0 0 192.168.1.2:43974 34.249.129.167:443 ESTABLISHED
tcp 0 0 192.168.1.2:40202 34.216.156.21:443 ESTABLISHED
tcp 0 0 192.168.1.2:38218 2.17.157.111:443 ESTABLISHED
tcp 0 0 192.168.1.2:38216 2.17.157.111:443 ESTABLISHED
tcp 0 0 192.168.1.2:35122 216.58.209.36:443 ESTABLISHED
tcp 0 0 192.168.1.2:33858 216.58.209.45:443 ESTABLISHED
tcp 0 0 192.168.1.2:38558 173.194.220.157:443 ESTABLISHED
tcp 0 0 192.168.1.2:49592 216.58.209.46:443 ESTABLISHED
tcp 0 0 192.168.1.2:55152 23.37.43.27:80 ESTABLISHED
tcp 0 0 192.168.1.2:35760 93.184.220.29:80 ESTABLISHED
tcp 0 0 192.168.1.2:58568 66.117.29.226:443 ESTABLISHED
tcp 0 0 192.168.1.2:40306 31.13.81.13:443 ESTABLISHED
tcp 0 0 192.168.1.2:49178 46.51.195.203:443 ESTABLISHED
tcp 0 0 192.168.1.2:59456 216.58.209.46:80 ESTABLISHED
Those connections are google servers, amazon servers, akamai and... facebook. The page I'm loading at firefox start is about:blank.
I can understand that there are many legitimate reasons why Firefox might want to connect these servers, among them https://www.reddit.com/r/firefox/comments/7cvx8c/why_firefox_is_connecting_on_facebook_at_launch/ and https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections
Anyway, I believe that since Firefox is focused on privacy, you should inform your users upon first start about all of these features and give them easy choice to opt out of them. I was really astonished when I discovered all those connections and I'm not so newbie user. I was sure Firefox is connecting only to Mozilla's owned servers. Now you let me down.
Actual results:
Firefox connects to google, amazon, akamai and facebook upon start in private and safe mode. I can disable those connections but I need to spend half of my day on reading what else could be the reason for unwanted connection and make many experiments to be sure I got rid of them.
Expected results:
User should be informed on first start about these features and should be left with choice. There should be also separate page in Options to disable these connections. You should inform users on which external cloud servers each of these features is hosted. That would be fair approach. Please, don't decide for us.
|
||
Comment 1•7 years ago
|
||
Looks like PageThumbs checks for private mode only to decide if it should store the thumbnail or not.
https://searchfox.org/mozilla-central/rev/03877052c151a8f062eea177f684a2743cd7b1d5/toolkit/components/thumbnails/PageThumbs.jsm#223-224
Maybe we should check private mode here as well https://searchfox.org/mozilla-central/rev/03877052c151a8f062eea177f684a2743cd7b1d5/toolkit/components/thumbnails/BackgroundPageThumbs.jsm#107
|
||
Comment 2•7 years ago
|
||
Moving to Activity Streams component and marking as P1 since this opens private browsing users up to online tracking even if they have Tracking Protection enabled or run anti-tracking add-ons.
Component: Untriaged → Activity Streams: Newtab
Priority: -- → P1
|
||
Updated•7 years ago
|
Priority: P1 → --
|
||
Updated•7 years ago
|
Iteration: --- → 60.1 - Jan 29
status-firefox59:
--- → wontfix
Priority: -- → P2
Summary: [privacy]Option to disable unwanted connections → [privacy]Disable thumbnails if all open windows are in Private Browsing mode
|
Assignee | |
Updated•7 years ago
|
Assignee: nobody → usarracini
|
||
Comment 3•7 years ago
|
||
|
|
||
Updated•7 years ago
|
Iteration: 60.1 - Jan 29 → 60.2 - Feb 12
|
||
Comment 4•7 years ago
|
||
Are thumbnails fetched through the thumbnail service from about:newtab? Or are thumbnails fetched in a new way for activity stream?
When thumbnails are fetched, do the fetches include cookies? Which cookies? Are thumbnail fetches keyed with a specific Origin Attribute for cookie isolation?
|
|
||
Updated•7 years ago
|
status-firefox60:
--- → affected
|
||
Updated•7 years ago
|
Whiteboard: [AS60MVP]
|
|
||
Updated•7 years ago
|
Flags: needinfo?(tanvi)
|
||
Comment 5•7 years ago
|
||
Commits pushed to master at https://github.com/mozilla/activity-stream
https://github.com/mozilla/activity-stream/commit/342950c1eeca0c2be518f45ba472be973a3c8c9a
Fix Bug 1428583 - Disable thumbnails if all open windows are in Private Browsing mode
https://github.com/mozilla/activity-stream/commit/296ad1aee1e0db01cc8365fa4387e07ff9a0fb3f
Fix Bug 1428583 - Disable thumbnails if all open windows are in Private Browsing mode
https://github.com/mozilla/activity-stream/commit/1915564f808c55891b2d277ecba5d1667cd968a3
Merge pull request #3945 from sarracini/bug_1428583
Fix Bug 1428583 - Disable thumbnails if all open windows are in Private Browsing mode
|
|
||
Updated•7 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
|
|
||
Comment 6•7 years ago
|
||
The thumbnails are fetched with the background page thumbs called from activity stream service. The thumbnails are requested with various flags including anonymous:
https://searchfox.org/mozilla-central/source/toolkit/components/thumbnails/content/backgroundPageThumbsContent.js#42-50
Flags: needinfo?(tanvi)
|
|
||
Comment 7•7 years ago
|
||
When I visit private browsing mode, I don't get the activity stream page on newtab. I get the purple private browsing window page that talks about what private browsing mode is. Is this changing? Needinfo'ing Ed to see if he knows.
I need to take a second look at previous bugs about this. In the past the LOAD_ANONYMOUS flag wasn't sufficient (https://bugzilla.mozilla.org/show_bug.cgi?id=1279568#c14). But perhaps that is fixed. Keeping my needinfo to take a look at this. Past bugs: https://bugzilla.mozilla.org/show_bug.cgi?id=1279568
https://bugzilla.mozilla.org/show_bug.cgi?id=1309699
Also, the fix in the previous bugs was put behind a pref that is not on by default.
Flags: needinfo?(tanvi)
Flags: needinfo?(edilee)
|
|
||
Comment 8•7 years ago
|
||
> When I visit private browsing mode, I don't get the activity stream page on newtab.
this behavior is not changing but clicking the home button or typing in the URL takes you to AS.
|
|
||
Updated•7 years ago
|
|
|
||
Comment 9•7 years ago
|
||
Target Milestone: --- → Firefox 60
|
|
||
Updated•7 years ago
|
Whiteboard: [AS60MVP]
|
|
||
Comment 10•6 years ago
|
||
Removing my needinfo here from comment 7. I believe the new tab page now uses its own cookie jar/container -
https://searchfox.org/mozilla-central/rev/8d78f219702286c873860f39f9ed78bad1a6d062/browser/app/profile/firefox.js#1621
Flags: needinfo?(tanvi)
|
||
Updated•6 years ago
|
Component: Activity Streams: Newtab → New Tab Page
You need to log in
before you can comment on or make changes to this bug.
Description
•