Closed Bug 1691181 Opened 4 years ago Closed 4 years ago

Feature Request: stabilized Settings/Preferences between updates or a notification/tab on what settings have changed

Categories

(Firefox :: Search, defect)

Product:
Firefox
Component:
Search
Version:
78 Branch
Type:
defect

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: blitternet, Unassigned)

Details

Attachments

(2 files)

about:support
30.89 KB, text/plain
Details
about:support (raw data)
46.25 KB, text/plain
Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0

Steps to reproduce:

I made a search engine-based query within the Firefox address bar.

Actual results:

Google Search results appeared.

Expected results:

DuckDuckGo Search results should have appeared.

DuckDuckGo has been my default for 2 years now since I left the Google ecosystem. I remove every other search provider but DDG and Wikipedia's search for privacy/safety.

=============================================

Firefox keeps resetting Settings/Options/Preferences between updates - including Search Engine preferences. This is unacceptable. Using Firefox ESR is not the correct solution to this.

I am incredibly appreciative of what Firefox is and the effort that have been put into every part of it. However, reverting settings that affect my security/privacy greatly offends me.

Finding a solution to this is exactly the thing that would pull more users away from Chrome or other browsers that threaten their privacy with subversive preference settings.

The ones that seems to trip me up (in Firefox) are search engines, DNS over HTTPS providers, and if I want to send diagnostics to Mozilla. These should not change.

MOST of the settings under General, Home, Search, Browser Privacy could be standardized/stabilised.

An immediate stop-gap to this could be a feature that tracks changes to settings in about:config. If a Firefox update occurs, and setting are changed, a new tab would open alongside the "What's new?" information that shows you which settings have been modified. Even this feature could be a setting:

General -> Show me what settings have changed after an update

As a web developer, I make my living within Firefox. I experience a large part of my life through this browser.

Currently I know of no browser where I can expect my preferences to remain unmodified.

PS: Firefox Sync is not the correct solution either. I love that my preferences are [usually] saved and synced between devices, but I should not have to rely on web service to make sure my local preferences are still the same.

Not an exploitable security issue that needs to be hidden from the public (I assume this flag was set by accident?).

(In reply to blitmap from comment #0)

Firefox keeps resetting Settings/Options/Preferences between updates - including Search Engine preferences.

I'm pretty sure this isn't normal/intentional (doesn't happen to me/everyone!), and someone from the search team will probably be along in the near future (when it's a working day again) to ask for more details so we can figure out why this is happening for you, and hopefully fix it.

Using Firefox ESR is not the correct solution to this.

No, though your user agent string in comment #0 does suggest you're using ESR, on Linux. Is that accurate? Do you know if you're using a copy of Firefox provided by your Linux distribution, or by mozilla.org ?

Group: firefox-core-security
Type: enhancement → defect
Component: Untriaged → Search
Flags: needinfo?(blitternet)

In addition to the answers from Gijs, please could you confirm which Linux distribution you are using. Also attaching a copy of the output from about:support might be useful.

  1. I did set the exploitable security issue flag intentionally. I do not believe this needs to be hidden. If one knew that an update reverted particular settings - like the search engine provider or DNS-over-HTTPS provider - it would open them to potentially having that traffic sniffed. I run a local DoH provider. If settings reverted this I now would be unaware that traffic is going "out" of my local network. Forgive me if this seems like ridiculous exaggeration of the circumstances, but the point of this bug report is that settings being reverted unnecessarily or without notification to the user is bad.

  2. I am running Firefox on Windows 10 20H2 v19042.789. I must have left my user agent set from something else I was doing.. Windows Firefox 85.0.1 (64-bit)

I've set these things (like my default search provider, and removed the others) many times before. Not after every update, but it is a memorable thing. It's frustrating that even with Firefox Sync I can still occasionally find these undone.

Again, you should not have to rely on Firefox Sync to keep the settings you have locally. (I understand Sync is for maintaining this between several devices.)

I am asserting a better effort must be made to maintain/stabilize these common settings. As said previously, when an update occurs you could see the "What's New?" tab as you usually do, and another tab opened to list a "diff" of what settings have been modified with the update. It would be "in-their-face" to the user if they need to review those again. Currently I cannot predict when settings may be changed, though I am appreciative of active development and frequent updates.

Flags: needinfo?(blitternet)
Attached file about:support

(In reply to blitmap from comment #4)

Forgive me if this seems like ridiculous exaggeration of the circumstances, but the point of this bug report is that settings being reverted unnecessarily or without notification to the user is bad.

Please understand that we also don't like it when these kinds of issues occur. We do have lots of testing and validation in place to try to avoid it, but unfortunately sometimes things do go wrong, and sometimes they only affect a few users.

Also generally please assume a good intent on our part - we don't purposely make Firefox loose a user's settings every update.

Having said all that, there's nothing that jumps out at me from your support log.

Have you tried checking your machine for malware/adware? Using something like MalwareBytes should find it. I ask, as we have seen third parties modifying the search settings from outside of Firefox, and that could be happening in this instance.

Flags: needinfo?(blitternet)

blitmap: did you see my previous comment?

Got distracted for a bit -

I do run a large amount of extensions. It had occurred to me there may be an abandoned extension doing something it shouldn't. I do run MalwareBytes on a periodic basis and it has turned up nothing.

However, today Firefox updated to 86.0. I navigated into Settings to see if anything obvious/new had appeared. The setting for "Firefox Data Collection and Use" -> "Allow Firefox to send technical and interaction data to Mozilla" was enabled. This does not seem like the work of a possible rogue extension.

I'm happy to support developer efforts but I run Firefox in some LANs where I'm trying to keep things "network-quiet". This is another example of a setting that seems to revert to default-on.

I don't know if it's because the setting name or property (within about:config) changes, but the point stands that Mozilla can do a much better job stabilizing [all] options and keeping them reliably set. Again, using Firefox Sync would not be the solution to keeping local settings the same between updates.

I don't believe (Mozilla|its devs) come from the perspective of a bad actor with malicious intent. But if you want to compete against (Google|Chrome) this is an area that is severely undersupported. Apple - of all companies - is making a name for itself as an organization with a privacy focus by tightening up ad tracking/cookies. Mozilla has been doing an excellent job with efforts close to first-party isolation (FPI).

Preferences/Settings is another area the user must put trust in.

I don't know what APIs exist internally to modify settings but I would make it an obvious or difficult thing if a setting is being reverted/undone/erased. I almost wish about:config were file-backed so I could make it immutable/read-only on Linux (chmod/chattr). That would introduce other issues with updates, but you can see what I'm looking for.

Flags: needinfo?(blitternet)

(In reply to blitmap from comment #9)

I'm happy to support developer efforts but I run Firefox in some LANs where I'm trying to keep things "network-quiet". This is another example of a setting that seems to revert to default-on.

It really doesn't. As I said before, there simply isn't code to do something like that; it'd be incredibly user-hostile.

I don't know if it's because the setting name or property (within about:config) changes, but the point stands that Mozilla can do a much better job stabilizing [all] options and keeping them reliably set. Again, using Firefox Sync would not be the solution to keeping local settings the same between updates.

It does look like your profile is currently set up to sync, and so it's possible the preferences are being synced with some other instance. I'm not sure how our sync code resolves conflicts like that, though it should be possible to check logs for it. Mark, can you help?

Is there a user.js file in your profile directory, and if so, what are its contents? What about an invalidprefs.js file? Or prefs-1/2/3.js or similar?

I almost wish about:config were file-backed so I could make it immutable/read-only on Linux (chmod/chattr).

It is file-backed, prefs.js contains all the modified-from-default preferences (unfortunately that's changes you make as well as changes Firefox makes; for complex reasons that aren't super-relevant we use it to store timestamps and various other internal values, as well as the user-visible settings).

That would introduce other issues with updates, but you can see what I'm looking for.

Right; making it immutable is likely to break things in Firefox, but you could store a back-up and see what changes it / when it changes.

Flags: needinfo?(markh)
Flags: needinfo?(blitternet)

(In reply to :Gijs (he/him) from comment #10)

It does look like your profile is currently set up to sync, and so it's possible the preferences are being synced with some other instance. I'm not sure how our sync code resolves conflicts like that, though it should be possible to check logs for it. Mark, can you help?

Pref syncing is fairly dumb - there's no way to "merge" different prefs being changed on different devices before they all sync - when a device sees an updated set of prefs, that entire set is applied locally. This turns out to not be as bad as it sounds because in practice people don't really change the synced prefs that often.

I doubt sync would be responsible for the described behaviour, but https://wiki.mozilla.org/CloudServices/Sync/File_a_desktop_bug shows how to enable "trace" logging, and those logs would be able to tell us if/when preferences from another device were applied or when preferences from this device were uploaded. Obviously we'd want logs from all relevant devices.

Flags: needinfo?(markh)

Hi blitmap,
I closed this ticket due to lack of information as Resolved-Incomplete. If the issue is still reproducible with the latest Firefox version, feel free to reopen the bug with more information.

Regards,
Jerónimo.

Status: UNCONFIRMED → RESOLVED
Has Regression Range: --- → no
Has STR: --- → yes
Closed: 4 years ago
Resolution: --- → INCOMPLETE
Flags: needinfo?(blitternet)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: