Speculative pre-connections control preference

[Drey]

Hello!

Please reconsider your decision about WONTFIXing bug 814169 - introduce preference for controlling speculative pre-connections
https://bugzilla.mozilla.org/show_bug.cgi?id=814169

Rationale for WONTFIX status was given that there is not enough demand for that feature. However, recent comments & votes in this bug, and article like this (and it's comments) prove this wrong
http://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/

Also privacy oriented bundles like Tor can or will use it, i guess.

Mozilla have long been associated with privacy/security, so giving users an option to control unrequested/automatic connections is essential IMO.

I also think Firefox should honor the pref in the case of the search bar.

Firefox privacy policy and this article http://mzl.la/Mxv856 should also mention speculative pre-connections.

[Tom Schuster]

I think we usually don't have such a high bar for preferences.
Certainly we usually don't evaluate it based on the percent of people
who would be interested. From my point of view the arguments you
raised are valid and should be considered.

> _______________________________________________
> firefox-dev mailing list
> firef...@mozilla.org
> https://mail.mozilla.org/listinfo/firefox-dev
>
_______________________________________________
firefox-dev mailing list
firef...@mozilla.org
https://mail.mozilla.org/listinfo/firefox-dev

[Mike Connor]

Actually we have always considered, and should continue to consider, the number of individuals who would take advantage of any preference. Adding and maintaining preferences is far from free, it's multiple code paths to write, test, and more potential combinations/interactions which we need to test and maintain. We should not incur those costs without a clear sense of the benefit to be gained for the price we'll pay.

-- Mike

[Brian Smith]

Drey wrote:
> Please reconsider your decision about WONTFIXing bug 814169 -
> introduce preference for controlling speculative pre-connections
> https://bugzilla.mozilla.org/show_bug.cgi?id=814169

> Rationale for WONTFIX status was given that there is not enough
> demand for that feature. However, recent comments & votes in this
> bug, and article like this (and it's comments) prove this wrong
> http://www.ghacks.net/2013/04/27/firefox-prefetching-what-you-need-to-know/

I understand that there are also some B2G partner requests (not sure I can name the partners) for disabling prefetching of DNS and presumably other prefetching (both things we've implemented and things we haven't implemented), to the point where I think it can probably be considered a B2G product requirement.

> Also privacy oriented bundles like Tor can or will use it, i guess.

Properly supporting something like a Tor browser requires a broader agreement across the developers working on the product that doesn't currently exist in the case of Firefox + the Tor Browser Bundle. I know within Mozilla, there are some strong advocates for the Tor browser bundle. There are also people (at least me) that think that the Tor browser bundle is not architecturally sound, and so any effort spent to support it is throwing good money after bad. Until/unless there is a sensible plan in effect, I don't think we should consider the Tor browser bundle as a factor in this kind of decision making. (Note that I think Tor and the idea of a Tor-based browser is a good thing. However, I don't think that it is sensible at all to build such a browser on top of mainstream browsers like Firefox or Chrome, because mainstream internet users and Tor users have needs/wants that are quite different from each other. Also, I think a Tor client should be an operating system, not just a
browser.)

> Mozilla have long been associated with privacy/security, so giving
> users an option to control unrequested/automatic connections is
> essential IMO.

Besides the privacy issue, we know that there are goals to minimize the network utilization of at least the mobile products. Again, my understanding is that we're already (considering) implementing this anyway, to address partner concerns regarding that.

I do think that as long as we keep the preference simple (a single "enable/disable all speculative prefetching of any kind" pref instead of dozens of individual prefs), we can probably minimize the complexity of providing the option. The article you cited is concerned that we don't have a separate option for disabling preconnections. However, I would argue that instead the complaint should be that the network.dns.disablePrefetch preference is too specific; who would ever set network.dns.disablePrefetch==false but want preconnections to still happen? Nobody, AFAICT.

> I also think Firefox should honor the pref in the case of the search
> bar.

Why? I can see why privacy-conscious people might want to disable prefetching of various sorts for links that are found within web pages. But, what privacy advantage is there in disabling DNS prefetching and/or preconnections for searches from the search box (or the address bar)? Also, regarding bandwidth utilization, I would say that the benefit of faster searching greatly outweighs the "extra bandwidth" concern; it's safe to say that if somebody is typing something into the search box, they're going to do a search--not only in the Firefox built-in search box, but even in search boxes in HTML forms, in most situations./

> Firefox privacy policy and this article http://mzl.la/Mxv856 should
> also mention speculative pre-connections.

Regarding the SuMo article at http://mzl.la/Mxv856, I think first it needs to be agreed upon that it should even be a goal to support what that page is trying to do. "Making connections without my permission" is something that we do all the time, because asking for permission in all cases would result in an unusable product for a variety of reasons (not just regarding performance, but also usability and security). I definitely consider a few of the items on that list to be too important to turn off for the vast majority of users. And, in general I don't think that we can hope to keep that list up to date and complete.

By the way, people are working on improvements to HTTP/SPDY that support some kinds of this prefetching in a way that reduces both the bandwidth overhead and the privacy issues. But, that is a way off.

Cheers,
Brian

[Drey]

2013/5/10 Brian Smith <bsm...@mozilla.com>

Why? I can see why privacy-conscious people might want to disable prefetching of various sorts for links that are found within web pages. But, what privacy advantage is there in disabling DNS prefetching and/or preconnections for searches from the search box (or the address bar)? Also, regarding bandwidth utilization, I would say that the benefit of faster searching greatly outweighs the "extra bandwidth" concern; it's safe to say that if somebody is typing something into the search box, they're going to do a search--not only in the Firefox built-in search box, but even in search boxes in HTML forms, in most situations./

1. Well, it's about UX being intuitive, staying in control of your computer... I mean when you click a button, you know for sure that a connection is being made.. But these automatic connections are not obvious at all. My stance is that software should only make remote connections when user take action - i.e. click a button/link, hits enter, not just hover cursor over some element or start typing text (automatic security updates being exclusion).

2. Privacy/bandwidth utilization example - user start typing or pastes some text in search bar, but intends to use another search engine, so obsolete connection with current search engine being made.

3. This comment also have a point: https://bugzilla.mozilla.org/show_bug.cgi?id=814169#c3

Regarding the SuMo article at http://mzl.la/Mxv856, I think first it needs to be agreed upon that it should even be a goal to support what that page is trying to do. "Making connections without my permission" is something that we do all the time, because asking for permission in all cases would result in an unusable product for a variety of reasons (not just regarding performance, but also usability and security). I definitely consider a few of the items on that list to be too important to turn off for the vast majority of users. And, in general I don't think that we can hope to keep that list up to date and complete.

Yeah, the title is not that great, the old one was better (Firefox makes unrequested connections).

But I think this article have an educational purpose, and rather useful.

I can update it when preference is introduced, and make some corrections, because some info there is missing/incorrect.

[Dão Gottwald]

On 10.05.2013 02:50, Brian Smith wrote:
>> I also think Firefox should honor the pref in the case of the search
>> bar.
>
> Why? I can see why privacy-conscious people might want to disable prefetching of various sorts for links that are found within web pages. But, what privacy advantage is there in disabling DNS prefetching and/or preconnections for searches from the search box (or the address bar)? Also, regarding bandwidth utilization, I would say that the benefit of faster searching greatly outweighs the "extra bandwidth" concern; it's safe to say that if somebody is typing something into the search box, they're going to do a search--not only in the Firefox built-in search box, but even in search boxes in HTML forms, in most situations.

I mostly agree here and this made me oppose the patch in bug 814169. I
for one would like to disable preconnections that have a real privacy
impact due to their speculative nature (e.g. bug 790882) while still
benefiting from preconnections in cases where privacy concerns are moot.

Dao

[Gavin Sharp]

On Fri, May 10, 2013 at 9:27 AM, Drey <dre...@gmail.com> wrote:
> My stance is that software should only make remote connections when
> user take action - i.e. click a button/link, hits enter, not just hover
> cursor over some element or start typing text (automatic security updates
> being exclusion).

It's fine for you to hold that stance, but if you think it should
impact decisions we make in Firefox, you'll need a more convincing
argument for *why* this matters to our broader user base. It's my
stance that the vast majority of our users care not one bit about
these connections. They care about their browser being as
fast/responsive as it can be, not about having precise control of the
connections it makes at a low level.

(I don't really have an objection to adding a hidden preference that
makes the nsISpeculativeConnect functionality a no-op, since a) it's
relatively straightforward to do in a single place, and b) I think it
comprehensively addresses the concerns of the small minority who care
more about these details than about performance, and c) doesn't
introduce too much risk for the majority shooting themselves in the
foot. But if I'm wrong about any of those, then I don't really want to
spend more than 5 minutes doing work to support this use case.)

Gavin

[Brunoais]

I think that making multiple permissions for this (without an
exaggeration) is the best option.
I'd say one permisson for DNS, one for the TCP connection and one for
the actual HTTP request.
OFC, if there's an option in the UI, it would be, for example, a single
checkbox that would activate or deactivate these 3 at the same time.
This is my opinion.

[Gavin Sharp]

This kind of fine grained control seems like overkill to me. I also
don't think this meets the bar for visible preferences UI (possibly as
part of some larger "privacy me harder" switch, but even that seems
unlikely).

Gavin

[Brunoais]

If no UI permission it's fine by me.
but I'd feel the lack of the about:config permission like this.

There are connections where an overhead like these speculations is bad.
A possible situation is when I'm using a mobile connection with very
limited traffic (10MB in my case). Where any byte matters to prevent
having the connection cut short.
When I use it, it is so risky that I actively deactivate loading of
images and I even use some cheating with the cache to try to only load
js that is an "investment" that lowers the amount of internet used and
not loading the rest. Flash ads and gif ads are the worst to destroy
those 10MB in a flash.
With the usage I have with that internet connection (which I don't use
often, btw) I can then use 5-8MB per month instead of the 20-50MB I'd
use for the exact same thing while browsing normally with images, all
js, but almost no flash.

I think that's already an acceptable use-case to consider with these
configurations.

[Gavin Sharp]

The mobile/bandwidth-limited use case is somewhat orthogonal -
addressing it by adding a hidden preference isn't really addressing it
at all. We can cover those use cases with adequate per-product
(Firefox for Android vs. Firefox OS vs. Firefox Desktop) default
behavior. We should track that problem separately, even though solving
it may require introducing some preferences.

Gavin