network.preconnect [1861889] #1756

Open
Thorin-Oakenpants opened this issue Oct 31, 2023 · 12 comments

Comments

@Thorin-Oakenpants
Contributor

should we?

class, discuss!

@Thorin-Oakenpants
Contributor Author

@PieroV - is this something we should do by default for MB?

@PieroV

PieroV commented Oct 31, 2023

> is this something we should do by default for MB?

Let's see how the upstream Bug evolves, for me

@Thorin-Oakenpants
Contributor Author

@PieroV ok, I'll try again .. the bug is web extensions, but if we're going to ship that in uBO, why not save computing power and any future potential bugs/regressions by setting the internal browser pref

@PieroV

PieroV commented Nov 2, 2023

Yes, we could do it, but I don't know if I am the right one to explore this preference (well, at the moment I'm working on other stuff).
I've opened https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42233 and I'll let richard triage it.

@Thorin-Oakenpants
Contributor Author

@mik0l

mik0l commented Nov 3, 2023

Open about:url-classifier and enter http://www.google-analytics.com

URL: http://www.google-analytics.com is in the list of tables:
base-email-track-digest256
analytics-track-digest256

And I also see DNS requests to google-analytics.com

Set network.preconnect=false

No DNS requests to google-analytics.com
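One way to repeat this before/after check from the resolver side, as an added example that is not part of the original comment: it assumes a local dnsmasq resolver running with `log-queries`, and the log lines, client addresses and blocklist below are constructed for illustration.

```python
import re

# dnsmasq "log-queries" line, e.g.:
#   Nov  3 10:00:01 dnsmasq[412]: query[A] example.com from 192.168.1.20
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[^\]]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)"
)

# Domain the comment above found in the url-classifier tables.
BLOCKED = {"google-analytics.com"}


def is_blocked(name, blocked=BLOCKED):
    """True if name is a blocked domain or a subdomain of one (label-aligned)."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in blocked)


def leaked_lookups(log_text, client, blocked=BLOCKED):
    """Sorted (name, qtype) pairs that `client` resolved for blocked domains."""
    hits = set()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and m["client"] == client and is_blocked(m["name"], blocked):
            hits.add((m["name"].rstrip(".").lower(), m["qtype"]))
    return sorted(hits)


# Constructed capture: browser at 192.168.1.20 with network.preconnect=true.
LOG_PRECONNECT_ON = """\
Nov  3 10:00:01 dnsmasq[412]: query[A] example.com from 192.168.1.20
Nov  3 10:00:01 dnsmasq[412]: query[A] www.google-analytics.com from 192.168.1.20
Nov  3 10:00:01 dnsmasq[412]: query[AAAA] www.google-analytics.com from 192.168.1.20
Nov  3 10:00:02 dnsmasq[412]: query[A] notgoogle-analytics.com from 192.168.1.20
Nov  3 10:00:03 dnsmasq[412]: query[A] www.google-analytics.com from 192.168.1.31
"""

# Constructed capture: same page load with network.preconnect=false.
LOG_PRECONNECT_OFF = """\
Nov  3 10:05:01 dnsmasq[412]: query[A] example.com from 192.168.1.20
Nov  3 10:05:02 dnsmasq[412]: query[A] notgoogle-analytics.com from 192.168.1.20
"""

if __name__ == "__main__":
    for label, log in (("preconnect=true", LOG_PRECONNECT_ON),
                       ("preconnect=false", LOG_PRECONNECT_OFF)):
        print(label, leaked_lookups(log, "192.168.1.20"))
```

Filtering by client address keeps lookups from other machines on the LAN out of the comparison, and the label-aligned suffix match avoids counting lookalike names such as `notgoogle-analytics.com`.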

@rusty-snake
Contributor

Where is the privacy issue with DNS requests for blocked domains?

@Thorin-Oakenpants
Contributor Author

well ... it is a "thing"

I haven't read it. I'm not super qualified to assess this issue - my thoughts were tor protects, but MB (and AF) by default doesn't have a VPN, so I lodged this issue to drink about it, and push it on pierov 😁 who then pushed it on richard 😀

@rusty-snake
Contributor

As I understand this paper (second link), the attacker who wants to track me is the operator of my DNS (LAN Admin, ISP or Cloudflare-DNS/Google-DNS/...) or someone who compromised my DNS. The operators of the sites I visit (example.com, google-analytics.com, ...) can not track me (that way).

So let's assume that I do not trust my DNS and it is an actual threat in my threat model. Then my DNS can track that I first visited google.com, then example.com, followed by depressions-help.net. But it can not see that example.com uses google analytics.

TL;DR: DNS-based User Tracking is a thing. Is DNS-based User Tracking of tracking domains a thing?

@mik0l

mik0l commented Nov 3, 2023

I see in about:networking that ssl.google-analytics.com is not blocked at all:

ssl.google-analytics.com 443 HTTP/2 true 1 0

@rusty-snake
Contributor

Can be some exceptions because of a broken site or behind-the-scene or from a restrictedDomain (where addons are not allowed). If you can narrow it down. Maybe uB logger or Browser DevTools.

@c3d1c06c-bf26-477e-b0eb-c50ef4477ba6

network.preconnect=true is meant to do dns+tcp+tls (uBO blocks the last 2) regardless of other prefetching settings according to chrome implementation and firefox currently works the same.

Thorin-Oakenpants changed the title from "network.preconnect" to "network.preconnect [1861889]" on Nov 20, 2023