SSL Certificates: Don't automatically check checkbox to send URLs to Mozilla if "Send Technical & Interaction Data to Mozilla" setting is disabled
Categories
(Firefox :: Security, enhancement, P3)
Tracking
()
People
(Reporter: elliottabarnes, Assigned: ingrid, Mentored)
References
(Blocks 1 open bug)
Details
Attachments
(1 file, 1 obsolete file)
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
Steps to reproduce:
To reproduce:
-
From within the Options dialog, navigate to the "Privacy & Security" panel and ensure that the "Send Technical & Interaction Data to Mozilla" checkbox is unchecked
-
Navigate to any URL prefixed with "https://" - ensuring that the SSL certificate for this URL is recognised as expired, or not valid for that particular domain
When Firefox displays the warning about this certificate, you'll noticed that despite unchecking the checkbox to send data to Mozilla in the previous steps, the checkbox to notify Mozilla about this URL is checked by default. Considering that only advanced or privacy-minded users are likely to uncheck this box, could we consider unchecking the box by default to send these URL lists to Mozilla when encountering an invalid cert?
Actual results:
N/A
Expected results:
N/A
|
||
Updated•5 years ago
|
|
||
Comment 1•5 years ago
|
||
Hi Elliott,
Could you please provide me with any URL prefixed with "https://" - ensuring that the SSL certificate for this URL is recognised as expired?
Thanks in advance, Flor.
|
|
||
Updated•5 years ago
|
|
Reporter | |
Comment 2•5 years ago
|
||
Unfortunately I don't have any example URLs to hand - apologies for this. Will keep looking to see if I can find one!
|
|
Reporter | |
Comment 4•5 years ago
|
||
Unfortunately not. This is triggered for any invalid cert, however - the only examples I have to hand are within internal corporate environments. The easiest way of triggering this may be to set up a test server, generate an SSL cert but only set it to be valid for a domain that doesn't apply in the test situation.
|
|
||
Comment 5•5 years ago
|
||
No prob, I've chosen a component for this bug in hope that someone with more expertise may look at it. We'll await for their answer. If you consider that there's another component that's more proper for this case you may change it.
|
||
Comment 6•5 years ago
|
||
Seems like a good idea.
|
||
Updated•5 years ago
|
|
||
Comment 7•5 years ago
|
||
Hello,
Is this issue a UI related issue, where checkbox is checked by default, though it actually donot send urls to mozilla, due to the previous setting.
Or even if "Send technical and interaction data to mozilla" is disabled, it, the checkbox is checked and it do send data?
Also any url to reproduce the issue?
Thanks
Aarushi
|
|
||
Updated•5 years ago
|
|
|
||
Comment 9•5 years ago
•
|
||
(In reply to :ingrid from comment #8)
I would like to be assigned, thank you!
Steps to reproduce -
- Go to 'about:config' and set "security.ssl.errorReporting.enabled" and "security.ssl.errorReporting.automatic" to true
- Go to 'about:preferences' -> Privacy & Security and deselect the "Send Technical & Interaction Data to Mozilla" checkbox
- Open a page like https://expired.badssl.com/
Actual results : The error reporting checkbox on https://expired.badssl.com/ is selected
Expected Results : The check box on https://expired.badssl.com/ should be deselected or hidden
Ingrid, please feel free to get in touch on Matrix if you have any questions.
|
Assignee | |
Comment 10•5 years ago
|
||
|
|
Assignee | |
Comment 11•5 years ago
|
||
Ups, something went wrong with my commit, it is the code from another bug. I will commit again with the right code. :)
|
|
Assignee | |
Comment 12•5 years ago
|
||
|
|
||
Updated•5 years ago
|
|
|
||
Comment 13•5 years ago
|
||
After some discussion we concluded that there's a lot of complexity in this bug, in both the work that's necessary to complete it and also the code that it will add. Reporting was recently disabled across the board in bug 1579906 and it looks like when we re-enable it, it might take a different form. Together that means there's no point in working on this at the moment.
Description
•