Closed Bug 93630 Opened 24 years ago Closed 24 years ago

Remove What's Related? from build until bug 53239 is fixed

Categories

(SeaMonkey :: Build Config, defect, P2)

Product:
SeaMonkey
Component:
Build Config
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED WONTFIX
Milestone:
mozilla0.9.4

People

(Reporter: hsivonen, Assigned: cls)

Details

Attachments

(3 files)

Remove "What's related?" from win32 & linux builds + chrome
6.90 KB, patch
Details | Diff | Splinter Review
updated patch that removes more of the chrome references to related
15.99 KB, patch
Details | Diff | Splinter Review
Alternative fix. Removes the panel from all UI, but not the build
2.84 KB, patch
Details | Diff | Splinter Review
The What's Related? panel sends the URL the user visits to a third party--in some cases in situation where the user doesn't expect it and without his/her conset. IMO, mozilla.org shouldn't be distributing builds with this defect in place. The bug for fixing the issue itself (bug 53239) has been futured. I suggest the offending panel be removed from the build until it is fixed.
Nominating for Mozilla 0.9.4.
Keywords: mozilla0.9.4
After reading thru bug 53239, I'm in complete agreement that "What's Related?" should be removed from the build if the privacy issue will not be addressed. The workaround described in bug 53239 (remove the panel) assumes that you know there's a reason to reomve the panel. As it's on by default (I don't remember adding it as I never use the sidebar), this problem will affect the majority of the users....the ones who never change their default settings.
Status: NEW → ASSIGNED
Priority: -- → P2
Target Milestone: --- → mozilla0.9.4
This should be a no-brainer. Mozilla should never allow privacy violation issues like this to even come up in the first place - turn it off by default ASAP! It is NOBODIES business where the user surfs. Not telling them that ALL urls they visit are being reported to a 3rd party is a DISGRACE to this project.
Please be sure to get r= from Ben (Nav UI owner) on this bug.
Depends on: 53239
How can this depend on bug 53239?
cls, I suggest you remove it only from the the rdf files. (Doesn't it appear in profile/defaults/localstore.rdf, too?) This stands a smaller chance for a regression. People will still be able to get it, if they know what they do and specify the url of the panel directly.
This is insane. This is a popular feature, and the privacy concern can be addressed by simply not having what's related in the list of default mozilla panels actually in the sidebar. Removing the whole panel is wrong, and is not the way to address this.
The patch I attached removed the panle from the default panels and the Add Panels dialog, so an innocent tester won't add it without knowing the consequences. You (Asa!) should still be able to readd the panel to your sidebar by clicking the following link: <a href="javascript:window.sidebar.addPanel('Whats Related?', 'chrome://communicator/content/related/related-panel.xul', '');">Add What's Related to your sidebar</a><br> Note: There is <a href="http://bugzilla.mozilla.org/show_bug.cgi?id=53239">a privacy bug</a>!
Ben Bucksch, Wouldn't removing from RDF only mean that anyone who has created their profile under an old build would still be vulnerable? If so, I don't think removing from RDF is good enough. Jason Kersey, Removing the sidebar until the privacy bug is fixed is a perfectly valid way to address this. The bug about fixing the problem itself has been open a long time and there is no reason to believe it will be fixed anytime soon. Until someone really fixes the panel, it is a Bad Thing to distribute builds with the bug in place.
Bug 53239 would be easier to fix than this bug, and it wouldn't have to be backed out in the future like this one would. Sabotaging a feature just because it has a bug that annoys some people is not cool. There are more constructive ways to get 53239 fixed faster than threatening to remove the What's Related feature. These include: - voting for 53239. - providing helpful comments in 53239 (eg "This [does/does not] happen in Netscape 6.1, [and/but] I think this is important to fix"). - providing a patch or coding hints (eg lxr links) in 53239. - attempting to escalate 53239 through the people responsible for privacy in Mozilla.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → WONTFIX
>Bug 53239 would be easier to fix than this bug, So why wasn't it fixed 11 months ago? >and it wouldn't have to be backed out in the future like this one would. Why wasn't the What's Related sidebar panel itself backed out? If I had CVS access and checked in a feature with that kind of bug, would my changes get backed out immediately and not checked back in until I fixed my code? > - voting for 53239. Yeah, right. That's not going to help. > - providing helpful comments in 53239 It has been pretty clear from the comments that it is important to fix, but it hasn't been fixed, because it is believed to not affect Netscape's commercial builds. > - attempting to escalate 53239 through the people responsible for > privacy in Mozilla. What one should do to escalate it?
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
> Bug 53239 would be easier to fix than this bug, and it wouldn't have to be > backed out in the future like this one would. Sabotaging a feature just > because it has a bug that annoys some people is not cool. A privacy issue is not equivalent to an "annoying bug". It is a serious issue. Bug 53239 clearly indicated that the privacy issue was *not* going to be addressed by the person responsible for that bug. So I'm addressing it as it became a build issue.
Status: REOPENED → ASSIGNED
> Sabotaging a feature just because it has a bug that annoys some people is not > cool. If there is a security/privacy bug in a feature, and the person responsible refuses to address it in a timely manner (and noone else volunteers to fix it), removing the feature is the only way to go that is left. IMO, that resolution is employed way too rarely in Mozilla, > Wouldn't removing from RDF only mean that anyone who has created their > profile under an old build would still be vulnerable? If so, I don't think > removing from RDF is good enough. Right. Any ideas how we can automatically remove the panel from the existing profiles?
I hope i don't have to point out that automatically removing somethign which a user manully configured or selected is an abuse of trust. If microsoft one day decided to remove my recylce bin, i'd be upset.
Timeless: If Microsoft's recycling bin was sending info to them without my knowledge, I wouldn't miss it if they removed it. Let's keep the proper context here. Blake: what's the progress on the "quick fix" that you were proposing?
fix is in 53239
can we move this to 0.9.5 then or close this wontfix?
Marking WONTFIX now that matt's fix for 53239 is in.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago24 years ago
Resolution: --- → WONTFIX
verified
Status: RESOLVED → VERIFIED
No longer depends on: 53239
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: