Bug 1369299 - Part 1: Disable the GeoIP and region default look up when 'privacy.resistFingerprinting' is true. r?Gijs,arthuredelstein
The GeoIP and region default lookup may leak information about the user's
location, which is a fingerprinting vector. We therefore disable it when
fingerprinting resistance is enabled.
MozReview-Commit-ID: GSMTO6MNy35
--- a/toolkit/components/search/nsSearchService.js
+++ b/toolkit/components/search/nsSearchService.js
@@ -365,18 +365,21 @@ function isPartnerBuild() {
return true;
}
} catch (e) {}
return false;
}
// Method to determine if we should be using geo-specific defaults
+// When 'privacy.resistFingerprinting' is true, we will disable this since requesting
+// geo-specific defaults may leak information.
function geoSpecificDefaultsEnabled() {
- return Services.prefs.getBoolPref("browser.search.geoSpecificDefaults", false);
+ return Services.prefs.getBoolPref("browser.search.geoSpecificDefaults", false) &&
+ !Services.prefs.getBoolPref("privacy.resistFingerprinting", false);
}
// Some notes on countryCode and region prefs:
// * A "countryCode" pref is set via a geoip lookup. It always reflects the
// result of that geoip request.
// * A "region" pref, once set, is the region actually used for search. In
// most cases it will be identical to the countryCode pref.
// * The value of "region" and "countryCode" will only not agree in one edge
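Review bot: The `privacy.resistFingerprinting` pref is read inline in `geoSpecificDefaultsEnabled()` and again in the `fetchCountryCode` hunk below, so the two gates can drift apart if the pref name or default changes; a single helper such as `function resistFingerprintingEnabled() { return Services.prefs.getBoolPref("privacy.resistFingerprinting", false); }` called from both places would keep them aligned. The new check is evaluated at call time, so presumably a "region" or "countryCode" pref written by an earlier lookup stays in use after the pref is turned on; the comment should state that. Suggested wording for the added comment: `// When 'privacy.resistFingerprinting' is true this returns false so no geo-specific defaults are requested; prefs already stored by an earlier lookup are not cleared here.`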
@@ -583,17 +586,19 @@ function fetchCountryCode(ss) {
ERROR: 3,
// Note that we expect to add finer-grained error types here later (eg,
// dns error, network error, ssl error, etc) with .ERROR remaining as the
// generic catch-all that doesn't fit into other categories.
};
let endpoint = Services.urlFormatter.formatURLPref("browser.search.geoip.url");
LOG("_fetchCountryCode starting with endpoint " + endpoint);
// As an escape hatch, no endpoint means no geoip.
- if (!endpoint) {
+ // And we won't make a request when 'privacy.resistFingerprinting' is true for
+ // preventing leaking information.
+ if (!endpoint || Services.prefs.getBoolPref("privacy.resistFingerprinting", false)) {
return Promise.resolve();
}
let startTime = Date.now();
return new Promise(resolve => {
// Instead of using a timeout on the xhr object itself, we simulate one
// using a timer and let the XHR request complete. This allows us to
// capture reliable telemetry on what timeout value should actually be
// used to ensure most users don't see one while not making it so large
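Review bot: The `LOG("_fetchCountryCode starting with endpoint " + endpoint)` line runs before the new guard, so when resistFingerprinting is on the log still reports a lookup starting even though `Promise.resolve()` is returned without a request; either move the guard above the LOG call or log the skip explicitly, e.g. `LOG("_fetchCountryCode skipped: privacy.resistFingerprinting is set");` inside the `if`. The added comment reads awkwardly; suggest `// We also skip the request when 'privacy.resistFingerprinting' is true, to avoid leaking location information.` Since this path resolves with no value just like the missing-endpoint escape hatch, callers presumably cannot distinguish "disabled" from "no endpoint", which is worth a sentence in the comment if they treat the absence differently. `fetchCountryCode` begins and continues outside this hunk.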