chrome.privacy.network.networkPredictionEnabled API no longer prevents preconnecting
Categories
(WebExtensions :: Compatibility, defect, P2)
Tracking
(firefox-esr115 affected, firefox119 wontfix, firefox120 affected, firefox121 affected)
People
(Reporter: gwarser, Unassigned)
References
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0
Steps to reproduce:
User noticed that despite using uBlock Origin, DNS requests are made, visible in NextDNS logs: https://github.com/uBlockOrigin/uBlock-issues/issues/2913
STR:
- with uBlock Origin installed which should block Google tracking connections and disable prefetching/preconnection by default
- go to
https://my.nextdns.io/
- copy the DOH server addres and add it in
about:preferences
secure DNS max protection setting - Open a tab to
about:networking#dns
- Click "Clear DNS Cache"
- Click "Refresh" to be sure
- open
https://twitterdownloader.co/
tab https://my.nextdns.io/.../logs
shows DNS requests forgoogle-analytics.com
andgooglesyndication.com
This is regression:
app_name: firefox
build_date: 2023-04-18 18:09:57.629000
build_file: /home/rdk/.mozilla/mozregression/persist/0cae6ecbc398-pgo--autoland--target.tar.bz2
build_type: integration
build_url: https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/L6z0NMXPRWiJ0H_bHyJZjw/runs/0/artifacts/public%2Fbuild%2Ftarget.tar.bz2
changeset: 0cae6ecbc3984ca8f45c8ae5a0bec250392a22c1
pushlog_url: https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=0cae6ecbc3984ca8f45c8ae5a0bec250392a22c1&tochange=3155d983a779ff98645129c066353f3204786f4c
repo_name: autoland
repo_url: https://hg.mozilla.org/integration/autoland
task_id: L6z0NMXPRWiJ0H_bHyJZjw
https://bugzilla.mozilla.org/show_bug.cgi?id=1813618
Notable discussion in https://bugzilla.mozilla.org/show_bug.cgi?id=1854782
Also, if you follow these steps:
- Go to
about:config
, filter usingpreconnect
- Toggle
network.preconnect
tofalse
- Repeat above STR
No DNS requests to google-analytics.com
and googlesyndication.com
will be logged in NextDNS.
Actual results:
https://my.nextdns.io/.../logs
shows DNS requests for google-analytics.com
and googlesyndication.com
.
Expected results:
Requests to resolve these domains should not happen.
I believe, the API was initially implemented here https://bugzilla.mozilla.org/show_bug.cgi?id=1312802
Comment 2•7 months ago
|
||
:keeler, since you are the author of the regressor, bug 1813618, could you take a look? Also, could you set the severity field?
For more information, please visit BugBot documentation.
Comment 3•7 months ago
|
||
Relevant API calls from uBlock Origin seems to be at https://github.com/gorhill/uBlock/blob/bc632b546464b6fdfbb25d34097b4fe8ae7da8fc/platform/common/vapi-background.js#L136-L217
network.networkPredictionEnabled
in theprivacy
namespace maps tonetwork.networkPredictionEnabled
pref.
Comment 4•7 months ago
|
||
If fixing bug 1813618 caused this behavior, it probably means there was an issue with the original implementation of chrome.privacy
(before fixing bug 1813618, preconnect was always disabled).
Comment 5•7 months ago
|
||
Hello,
I reproduced the issue on the latest Nightly (121.0a1/20231030164930), Beta (120.0b4/20231030091620) and Release (119.0/20231019122658) under Windows 10 x64 and Ubuntu 22.04 LTS.
Performing the STR will show DNS requests for google-analytics.com
and googlesyndication.com
in https://my.nextdns.io/.../logs
as per Comment 0.
Performing the alternate STR (where network.preconnect
is false
) will not show DNS requests to google-analytics.com
and googlesyndication.com
in NextDNS.
Based on the regressor tracking data, 115 (ESR) is also affected.
Comment 7•7 months ago
|
||
Set release status flags based on info from the regressing bug 1813618
Updated•7 months ago
|
Comment 8•7 months ago
|
||
I think that it would make sense to disable all preconnect-like functionality whenever the browser.privacy.network.networkPredictionEnabled
extension API is set to false.
Updated•7 months ago
|
Comment 9•7 months ago
|
||
Why did you remove the regression tag? Bug 1813618 was identified as the regressor through mozregression.
(In reply to Dana Keeler (she/her) (use needinfo) (:keeler for reviews) from comment #4)
If fixing bug 1813618 caused this behavior, it probably means there was an issue with the original implementation of
chrome.privacy
(before fixing bug 1813618, preconnect was always disabled).
The extension API is used to force-disable preconnect. If the feature was always disabled, then that implies that the extension API works as desired, trivially. Preconnect is an optional feature, so it not working would not be a bug.
However, preconnecting despite having set the setting to false would be a bug, at least from the perspective of a privacy-conscious extension user.
Comment 10•6 months ago
|
||
This error does not only apply to ublock/preconnect.
For example, on rt.pornhub.com
firefox in the tracking protection status panel reports that static.trafficjunky.com
is blocked, but it is not.
Comment 11•6 months ago
|
||
On www.pvsm.ru
also www.acint.net
is not blocked.
Comment 12•6 months ago
|
||
The solution to the problem is to disable the DoH.
Comment 13•6 months ago
|
||
Strange, disabling DoH only solves the problem on www.pvsm.ru
Comment 14•6 months ago
|
||
I'm sorry, it looks like DoH had nothing to do with it.
The problem should be solved in the built-in Tracking Protection, and then deal with uBlock Origin.
Comment 15•6 months ago
|
||
I think I got it:
network.predictor.enabled
= false
OS Resolver - www.acint.net
blocked
DoH - www.acint.net
does not blocked
network.predictor.enabled
= true
OS Resolver and DoH - built-in Tracking Protection doesn't block a trackers, simply put it doesn't work.
Comment 16•6 months ago
|
||
DoH -
www.acint.net
does not blocked
DoH has no effect on this, it's just that for some reason the domain is not blocked in standard ETP mode.
Comment 17•6 months ago
|
||
network.predictor.enabled
= true
on www.pvsm.ru
- mc.yandex.ru
is not blocked in strict mode.
Comment 18•6 months ago
|
||
network.predictor.enabled
= true
onwww.pvsm.ru
-mc.yandex.ru
is not blocked in strict mode.
I don't know if it has anything to do with this bug.
To block it, have to:
network.predictor.enabled
= false
urlclassifier.trackingTable.testEntries
= yandex.ru
Comment 19•4 months ago
|
||
I needinfo'd myself with the intent to get to a resolution quicker. I did however not get to this because of the sheer amount of work I have, so I will instead mark this bug with P2 so it can be triaged and scheduled as part of the regular planning in the team.
(In reply to Rob Wu [:robwu] from comment #8)
I think that it would make sense to disable all preconnect-like functionality whenever the
browser.privacy.network.networkPredictionEnabled
extension API is set to false.
If there are preferences connected to the feature here, we should also set them when an extension sets networkPredictionEnabled
to false.
Comment 20•4 months ago
|
||
(In reply to Rob Wu [:robwu] from comment #19)
I needinfo'd myself with the intent to get to a resolution quicker.
I tested v113, it doesn't have the predictor/preconnect issues described above.
Description
•