Closed Bug 1666160 Opened 4 years ago Closed 3 months ago

Users enable `privacy.resistFingerprinting` and then are surprised when it causes problems

Categories

(Core :: DOM: Security, enhancement, P3)

Product:
Core
Component:
DOM: Security
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
134 Branch
Tracking Flags:
Tracking Status
firefox134 --- fixed

People

(Reporter: metasieben, Assigned: tjr)

References

(Blocks 4 open bugs)

Details

(Whiteboard: [domsecurity-backlog1])

Attachments

(1 file)

Bug 1666160: Direct users in the warning box to the new RFP-specific support page r?freddyb
48 bytes, text/x-phabricator-request
Details | Review

Ever since privacy.resistFingerprinting was added every guide to harden Firefox
includes this pref, mostly without mentioning the consequences of enabling it has.

AFAIK this was added as part of the TOR-uplift project; while it (might) make sense for
the TOR browser, enabling this in Firefox produces lots of problems and support-request.

Maybe there should be a infobar, similar to the >Your browser is being managed by your
organisation.<, when privacy.resistFingerprinting is enabled, linking to a sumo-article
about the pref(eg. what it does) and how to disable it.

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE

I think this is worth having this discussion here, since it's slightly different than bug 1490728.

In the past we have sometimes made the pref name scary to avoid scams that say "just set 'browser.require-cors:false' and go to this link!".
I think that would be a good preventative measure if we can find a good name that implies breakage may occur.

"privacy.resist-fingerprinting-so-hard-that-websites-break" is one possibility.

Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: DUPLICATE → ---
Summary: Add some sort of notification when `privacy.resistFingerprinting` is enabled → Users enable `privacy.resistFingerprinting` and then are surprised when it causes problems
Component: Preferences → DOM: Security
Product: Firefox → Core
Blocks: fingerprinting-breakage
Severity: -- → S3
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
See Also: → 1692609

Can we rename this pref to something like privacy.resistFingerprinting.mayBreakWebsites or something?

Flags: needinfo?(dveditz)
Flags: needinfo?(dveditz) → needinfo?(tom)

renaming the pref would effectively turn it off for everyone who has gone out of their way to turn it on. That will un-break some people (less annoyance) but would put other people who actually need it at risk and they wouldn't figure that out for quite some time. I could only support a re-name if we also included code to migrate non-default settings to the new name. But otherwise, sure, if you think a new name will help. I think an about:support warning and/or a highlighted note in the "Privacy" section of about:preferences would be better... but those involve l10n so would be a bigger project.

Tor browser would likely be fine since "on" is their default and the renamed pref would also default to "on".

+1. Renaming the pref would also not work for folks who enable this pref by just dropping in an predefined user.js, like the popular arkenfox/user.js (which does try its best to explain what these pref accomplish.) A better solution, as suggested in the initial comment, might be to provide a visual indicator, either something subtle like a badge in the address bar or something more overt like changing the color of the address bar.

Sanketh, arkenfox will be fine, that Thorin is onto it, also Daniel said

I could only support a re-name if we also included code to migrate non-default settings to the new name

+1 for a rename - changes to UI are a PITA

+10 : auto include RFP=true in the user agent when logging bugzillas

Yeah, adding a migration is a sensible thing to do... I'm not a fan of maintaining UI for an opt-in, ideally-rarely-used pref.

I suppose I'm not explicitly against renaming it. I think migration is definitely necessary, but I think a significant number of people get RFP enabled through add-ons (which we are thinking about deprecating also.) I always preferred the visual indicator but after we looked at the telemetry (Bug 1693861) that told that the number of users who had RFP enabled was actually much fewer than we thought we de-prioritized it.

Flags: needinfo?(tom)

Aren't all/most duplicates of this bug actually duplicates of bug 1663586 and caused by privacy.resistFingerprinting.randomDataOnCanvasExtract being true by default?

Please add a big scary warning to the top of this page: https://support.mozilla.org/kb/firefox-protection-against-fingerprinting

See Also: → 1810741
Duplicate of this bug: 1827640
Duplicate of this bug: 1849355
No longer duplicate of this bug: 1849355
Duplicate of this bug: 1849355

Having lost 2.5 days to this in a simple HTML5/CSS3 page I agree there needs to be a banner to alert us! I'd prefer to see a warning next to the Settings > Web site appearance options warning that these changes will not take effect due to privacy.resistFingerprinting = true - and as I discovered there is no way to disable it per-tab when the protocol is file:// since there is no shield.

See Also: → 1841116
Blocks: 1878825

Does the warning banner (bug 1841116) suffice the warning we want to give users, as requested in this bug? Or is there more to do here to keep it open?

Flags: needinfo?(tom)

We ran the usage stats for RFP. It's about .02%. There's probably overlap between people who enable RFP and disable Telemetry, but I don't know if there's much we can do about that.

There's more we could do, but I'm not sure the effort is worth the benefit. I do think we should update the FPP SUMO page and the RFP SUMO Page (Bug 1862173) - I'm not sure what has stalled those.

Flags: needinfo?(tom)
Depends on: 1885101
Blocks: 1885101
No longer depends on: 1885101

I think this can be closed. Some follow-up questions though...

Should we deprecate controlling the resistFingerprinting pref through add-ons if we think this is an unwise thing to set?
Should we make a switch to FPP instead?

not sure if we want to close it, it's good to be cc'd on to find new reports when they're linked

as for no longer allowing extensions to change RFP (I think we could allow them to read it) +100

Blocks: 1887873

not sure if we want to close it, it's good to be cc'd on to find new reports when they're linked

We also link to this page when users create forum threads asking for help with issues that were actually caused by enabling this preference (like sites being "suddenly" letterboxed, captcha errors, etc.). Please keep it open, as new users keep following "hardening" guides or using forks that enable it.

Duplicate of this bug: 1917889
Assignee: nobody → tom

We have improved the FPP and RFP SUMO pages, and implemented a warning in the preferences page that will link to the SUMO page with instructions for how to disable it. As users report issues on WebCompat, Bugzilla, Matrix, or other channels, we should direct people to this new page which will hopefully help people avoid repeating themselves too much each time.

https://support.mozilla.org/en-US/kb/resist-fingerprinting

We can continue referencing this bug in bugzilla reports (I think See Also and RESOLVED-INVALID are the best ways to do this)

When this patch lands this bug will be closed.

Depends on: 1929134
Pushed by tritter@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/b1c1d871b515 Direct users in the warning box to the new RFP-specific support page r=settings-reviewers,mossop

https://hg.mozilla.org/mozilla-central/rev/b1c1d871b515

Status: REOPENED → RESOLVED
Closed: 4 years ago3 months ago
status-firefox134: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 134 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: