FPP settings keep resetting on Android.
Categories
(Firefox for Android :: Privacy, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox132 | --- | fixed |
People
(Reporter: gfmshj6ww, Assigned: timhuang)
References
Details
Attachments
(2 files)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0
Steps to reproduce:
Android Firefox Nightly 130.0a1
Actual results:
Hello.
I've been using RFP on Android for a long time.
https://bugzilla.mozilla.org/show_bug.cgi?id=1881993
Recently, RFP included a font visibility limitation feature, and as a Korean, I was forced to use FPP because it changed to a weird font that I couldn't read.
https://arkenfox.github.io/TZP/tzp.html
Then today, I came across this fingerprinting test page and was shocked to see that my fingerprints were not spoofed, but real.
I went into about:config and found that even if I set FPP=true, it would change back to the default of false after closing the browser and restarting. When did this happen?
I'm shocked to realize that I've been browsing the web without fingerprint protection all this time.
I want to use RFP, but Korean users can't use RFP due to the font issue mentioned above, so I'm forced to use FPP, but what the hell am I supposed to do if even FPP is no longer available?
I really want to love Firefox, but it's so frustrating to keep having these problems.
Please, please, please make either the RFP or the FPP available. I'm really begging you.
I was using Enhanced Tracking Protection (ETP) with the setting of Strict. After clicking the Strict button one more time, I went to about:config and checked the default value of FPP(privacy.fingerprintingProtection) and it was changed to true. I then turned off the browser and turned it back on to check the default value of FPP again, and it is now false. And of course, the ETP is still set to Strict. And then I click the Strict button one more time, and then I go to about:config and check the default value of FPP, and it's true. Why is that? This doesn't happen with RFP(privacy.resistFingerprinting).
I changed the ETP to Custom, changed the 'Suspected Fingerprinters' from 'Only in Private tabs' to 'In all tabs', went to about:config and checked the FPP default and it was true. I turned the browser off and on, went back into about:config and checked the FPP default and it was still true. I was wondering if the default value for 'Suspected Fingerprinters' in ETP Strict is 'Only in Private tabs' instead of 'In all tabs'. I would like to use Strict mode, but until this issue is resolved, I'm stuck with Custom for now?
If I change the value of 'Suspected Fingerprinters' in ETP Custom from 'Only in Private tabs' to 'In all tabs', then change the ETP back to Strict and restart the browser, FPP=true remains.
Conversely, if I change the value of 'Suspected Fingerprinters' in ETP Custom from 'In all tabs' to 'Only in Private tabs', then change the ETP back to Strict and restart the browser, the FPP value becomes false.
I thought Custom and Strict were separate, but it seems that the settings in Custom affect Strict as well.
|
||
Comment 4•11 months ago
|
||
The severity field is not set for this bug.
:royang, could you have a look please?
For more information, please visit BugBot documentation.
In the current Android Nightly version, the network.IDN_show_punycode=true setting is not working correctly.
Also, if you modify the privacy.fingerprintingProtection.overrides setting and then turn the browser off and on, it reverts back to the default.
|
||
Updated•11 months ago
|
|
||
Comment 6•10 months ago
•
|
||
Hi, I can add some context. I'm not familiar with this feature, but know why privacy.fingerprintingProtection.overrides is reverting.
For privacy.fingerprintingProtection.overrides:
So, in GeckoView here we define the pref with a default of "". The default is being clobbered every time the app reopens here back to the original.
For network.IDN_show_punycode:
Don't see it being overrode, wonder if the feature is setup for Android? I don't have context, sorry!
This is a good symptom of why bug 1888979 might be something we should add to the architecture.
Often, for prefs like this, there is some UI and Fenix keeping state. Not sure if this feature is still under development or not. This is one of the reasons about:config is only available in Nightly.
I see Tim worked on this at some point based on git history, possibly he has more context on the feature as a whole?
(In reply to Olivia Hall [:olivia] from comment #6)
Thanks for the answer.
For the network.IDN_show_punycode setting, it's not overridden, but I'm not using punycode even when set to true in the nightly version. It's working fine in the stable, beta version.
|
Assignee | |
Updated•10 months ago
|
|
|
Assignee | |
Comment 8•10 months ago
|
||
|
|
||
Comment 9•10 months ago
|
||
The severity field is not set for this bug.
:Gela, could you have a look please?
For more information, please visit BugBot documentation.
|
||
Updated•10 months ago
|
|
|
Assignee | |
Comment 10•10 months ago
|
||
Depends on D218865
|
||
Updated•9 months ago
|
|
||
Comment 11•9 months ago
|
||
|
||
Comment 12•9 months ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/82ac0d26513d
https://hg.mozilla.org/mozilla-central/rev/ad689e0e759a
Description
•