Bug 1387894 - Move all Resist Fingerprinting/Reduce Time Precision prefs to StaticPrefs r=smaug

Differential Revision: https://phabricator.services.mozilla.com/D39212

--HG--
extra : moz-landing-system : lando

modules/libpref/init/StaticPrefList.yaml

@@ -5529,7 +5529,7 @@
   value: false
   mirror: always
 
-# Spoof user locale to English
+# Whether to spoof user locale to English (used as part of Resist Fingerprinting)
 - name: privacy.spoof_english
   type: RelaxedAtomicUint32
   value: 0
@@ -5550,11 +5550,57 @@
   value: @IS_NIGHTLY_BUILD@
   mirror: always
 
+# The resistFingerprinting variables are marked with 'Relaxed' memory ordering.
+# We don't particurally care that threads have a percently consistent view of
+# the values of these prefs. They are not expected to change often, and having
+# an outdated view is not particurally harmful. They will eventually become
+# consistent.
+#
+# The variables will, however, be read often (specifically .microseconds on
+# each timer rounding) so performance is important.
+
 - name: privacy.resistFingerprinting
-  type: bool
+  type: RelaxedAtomicBool
   value: false
+  mirror: always
+
+# We automatically decline canvas permission requests if they are not initiated
+# from user input. Just in case that breaks something, we allow the user to revert
+# this behavior with this obscure pref. We do not intend to support this long term.
+# If you do set it, to work around some broken website, please file a bug with
+# information so we can understand why it is needed.
+- name: privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts
+  type: bool
+  value: true
+  mirror: always
+
+# The log level for browser console messages logged in RFPHelper.jsm
+# Change to 'All' and restart to see the messages
+- name: privacy.resistFingerprinting.jsmloglevel
+  type: String
+  value: "Warn"
   mirror: never
 
+# A subset of Resist Fingerprinting protections focused specifically on timers for testing
+# This affects the Animation API, the performance APIs, Date.getTime, Event.timestamp,
+#   File.lastModified, audioContext.currentTime, canvas.captureStream.currentTime
+- name: privacy.reduceTimerPrecision
+  type: RelaxedAtomicBool
+  value: true
+  mirror: always
+
+# Dynamically tune the resolution of the timer reduction for both of the two above prefs
+- name: privacy.resistFingerprinting.reduceTimerPrecision.microseconds
+  type: RelaxedAtomicUint32
+  value: 1000
+  mirror: always
+
+# Enable jittering the clock one precision value forward
+- name : privacy.resistFingerprinting.reduceTimerPrecision.jitter
+  type: RelaxedAtomicBool
+  value: true
+  mirror: always
+
 # Anti-tracking permission expiration
 - name: privacy.restrict3rdpartystorage.expiration
   type: uint32_t
@@ -5584,17 +5630,6 @@
 #endif
   mirror: always
 
-# Anti-fingerprinting, disabled by default
-- name: privacy.resistFingerprinting
-  type: RelaxedAtomicBool
-  value: false
-  mirror: always
-
-- name: privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts
-  type: RelaxedAtomicBool
-  value: false
-  mirror: always
-
 - name: privacy.storagePrincipal.enabledForTrackers
   type: RelaxedAtomicBool
   value: false

modules/libpref/init/all.js

@@ -1149,29 +1149,13 @@ pref("privacy.popups.maxReported", 100);
 #ifdef NIGHTLY_BUILD
 pref("privacy.trackingprotection.origin_telemetry.enabled", true);
 #endif
+
 // First Party Isolation (double keying), disabled by default
 pref("privacy.firstparty.isolate",                        false);
 // If false, two windows in the same domain with different first party domains
 // (top level URLs) can access resources through window.opener.
 // This pref is effective only when "privacy.firstparty.isolate" is true.
 pref("privacy.firstparty.isolate.restrict_opener_access", true);
-// We automatically decline canvas permission requests if they are not initiated
-// from user input. Just in case that breaks something, we allow the user to revert
-// this behavior with this obscure pref. We do not intend to support this long term.
-// If you do set it, to work around some broken website, please file a bug with
-// information so we can understand why it is needed.
-pref("privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts", true);
-// The log level for browser console messages logged in RFPHelper.jsm
-// Change to 'All' and restart to see the messages
-pref("privacy.resistFingerprinting.jsmloglevel", "Warn");
-// A subset of Resist Fingerprinting protections focused specifically on timers for testing
-// This affects the Animation API, the performance APIs, Date.getTime, Event.timestamp,
-//   File.lastModified, audioContext.currentTime, canvas.captureStream.currentTime
-pref("privacy.reduceTimerPrecision", true);
-// Dynamically tune the resolution of the timer reduction for both of the two above prefs
-pref("privacy.resistFingerprinting.reduceTimerPrecision.microseconds", 1000);
-// Enable jittering the clock one precision value forward
-pref("privacy.resistFingerprinting.reduceTimerPrecision.jitter", true);
 
 pref("dom.event.contextmenu.enabled",       true);
 pref("dom.event.coalesce_mouse_move",       true);

toolkit/components/resistfingerprinting/nsRFPService.cpp

@@ -16,6 +16,7 @@
 #include "mozilla/Preferences.h"
 #include "mozilla/Services.h"
 #include "mozilla/StaticPtr.h"
+#include "mozilla/StaticPrefs_privacy.h"
 #include "mozilla/TextEvents.h"
 #include "mozilla/dom/KeyboardEventBinding.h"
 
@@ -70,24 +71,8 @@ static mozilla::LazyLogModule gResistFingerprintingLog(
 
 NS_IMPL_ISUPPORTS(nsRFPService, nsIObserver)
 
-/*
- * The below variables are marked with 'Relaxed' memory ordering. We don't
- * particurally care that threads have a percently consistent view of the values
- * of these prefs. They are not expected to change often, and having an outdated
- * view is not particurally harmful. They will eventually become consistent.
- *
- * The variables will, however, be read often (specifically sResolutionUSec on
- * each timer rounding) so performance is important.
- */
-
 static StaticRefPtr<nsRFPService> sRFPService;
 static bool sInitialized = false;
-Atomic<bool, Relaxed> nsRFPService::sPrivacyResistFingerprinting;
-Atomic<bool, Relaxed> nsRFPService::sPrivacyTimerPrecisionReduction;
-// Note: anytime you want to use this variable, you should probably use
-// TimerResolution() instead
-Atomic<uint32_t, Relaxed> sResolutionUSec;
-Atomic<bool, Relaxed> sJitter;
 static uint32_t sVideoFramesPerSec;
 static uint32_t sVideoDroppedRatio;
 static uint32_t sTargetVideoRes;
@@ -115,15 +100,17 @@ nsRFPService* nsRFPService::GetOrCreate() {
 
 /* static */
 double nsRFPService::TimerResolution() {
+  double prefValue = StaticPrefs::
+      privacy_resistFingerprinting_reduceTimerPrecision_microseconds();
   if (nsRFPService::IsResistFingerprintingEnabled()) {
-    return max(100000.0, (double)sResolutionUSec);
+    return max(100000.0, prefValue);
   }
-  return sResolutionUSec;
+  return prefValue;
 }
 
 /* static */
 bool nsRFPService::IsResistFingerprintingEnabled() {
-  return sPrivacyResistFingerprinting;
+  return StaticPrefs::privacy_resistFingerprinting();
 }
 
 /* static */
@@ -132,7 +119,8 @@ bool nsRFPService::IsTimerPrecisionReductionEnabled(TimerPrecisionType aType) {
     return IsResistFingerprintingEnabled();
   }
 
-  return (sPrivacyTimerPrecisionReduction || IsResistFingerprintingEnabled()) &&
+  return (StaticPrefs::privacy_reduceTimerPrecision() ||
+          IsResistFingerprintingEnabled()) &&
          TimerResolution() > 0;
 }
 
@@ -538,7 +526,7 @@ double nsRFPService::ReduceTimePrecisionImpl(double aTime, TimeScale aTimeScale,
       floor(double(timeAsInt) / resolutionAsInt) * resolutionAsInt;
 
   long long midpoint = 0, clampedAndJittered = clamped;
-  if (sJitter) {
+  if (StaticPrefs::privacy_resistFingerprinting_reduceTimerPrecision_jitter()) {
     if (!NS_FAILED(RandomMidpoint(clamped, resolutionAsInt, aContextMixin,
                                   &midpoint)) &&
         timeAsInt >= clamped + midpoint) {
@@ -549,18 +537,18 @@ double nsRFPService::ReduceTimePrecisionImpl(double aTime, TimeScale aTimeScale,
   // Cast it back to a double and reduce it to the correct units.
   double ret = double(clampedAndJittered) / (1000000.0 / aTimeScale);
 
-  bool tmp_jitter = sJitter;
-  MOZ_LOG(gResistFingerprintingLog, LogLevel::Verbose,
-          ("Given: (%.*f, Scaled: %.*f, Converted: %lli), Rounding with (%lli, "
-           "Originally %.*f), "
-           "Intermediate: (%lli), Clamped: (%lli) Jitter: (%i Context: %" PRId64
-           " Midpoint: %lli) "
-           "Final: (%lli Converted: %.*f)",
-           DBL_DIG - 1, aTime, DBL_DIG - 1, timeScaled, timeAsInt,
-           resolutionAsInt, DBL_DIG - 1, aResolutionUSec,
-           (long long)floor(double(timeAsInt) / resolutionAsInt), clamped,
-           tmp_jitter, aContextMixin, midpoint, clampedAndJittered, DBL_DIG - 1,
-           ret));
+  MOZ_LOG(
+      gResistFingerprintingLog, LogLevel::Verbose,
+      ("Given: (%.*f, Scaled: %.*f, Converted: %lli), Rounding with (%lli, "
+       "Originally %.*f), "
+       "Intermediate: (%lli), Clamped: (%lli) Jitter: (%i Context: %" PRId64
+       " Midpoint: %lli) "
+       "Final: (%lli Converted: %.*f)",
+       DBL_DIG - 1, aTime, DBL_DIG - 1, timeScaled, timeAsInt, resolutionAsInt,
+       DBL_DIG - 1, aResolutionUSec,
+       (long long)floor(double(timeAsInt) / resolutionAsInt), clamped,
+       StaticPrefs::privacy_resistFingerprinting_reduceTimerPrecision_jitter(),
+       aContextMixin, midpoint, clampedAndJittered, DBL_DIG - 1, ret));
 
   return ret;
 }
@@ -727,13 +715,6 @@ nsresult nsRFPService::Init() {
   Preferences::RegisterCallbacks(PREF_CHANGE_METHOD(nsRFPService::PrefChanged),
                                  gCallbackPrefs, this);
 
-  Preferences::AddAtomicBoolVarCache(&sPrivacyTimerPrecisionReduction,
-                                     RFP_TIMER_PREF, true);
-
-  Preferences::AddAtomicUintVarCache(&sResolutionUSec, RFP_TIMER_VALUE_PREF,
-                                     RFP_TIMER_VALUE_DEFAULT);
-  Preferences::AddAtomicBoolVarCache(&sJitter, RFP_JITTER_VALUE_PREF,
-                                     RFP_JITTER_VALUE_DEFAULT);
   Preferences::AddUintVarCache(&sVideoFramesPerSec,
                                RFP_SPOOFED_FRAMES_PER_SEC_PREF,
                                RFP_SPOOFED_FRAMES_PER_SEC_DEFAULT);
@@ -765,8 +746,12 @@ nsresult nsRFPService::Init() {
 void nsRFPService::UpdateTimers() {
   MOZ_ASSERT(NS_IsMainThread());
 
-  if (sPrivacyResistFingerprinting || sPrivacyTimerPrecisionReduction) {
-    JS::SetTimeResolutionUsec(TimerResolution(), sJitter);
+  if (StaticPrefs::privacy_resistFingerprinting() ||
+      StaticPrefs::privacy_reduceTimerPrecision()) {
+    JS::SetTimeResolutionUsec(
+        TimerResolution(),
+        StaticPrefs::
+            privacy_resistFingerprinting_reduceTimerPrecision_jitter());
     JS::SetReduceMicrosecondTimePrecisionCallback(
         nsRFPService::ReduceTimePrecisionAsUSecsWrapper);
   } else if (sInitialized) {
@@ -778,12 +763,10 @@ void nsRFPService::UpdateTimers() {
 // timing-related
 void nsRFPService::UpdateRFPPref() {
   MOZ_ASSERT(NS_IsMainThread());
-  sPrivacyResistFingerprinting =
-      Preferences::GetBool(RESIST_FINGERPRINTING_PREF);
 
   UpdateTimers();
 
-  if (sPrivacyResistFingerprinting) {
+  if (StaticPrefs::privacy_resistFingerprinting()) {
     PR_SetEnv("TZ=UTC");
   } else if (sInitialized) {
     // We will not touch the TZ value if 'privacy.resistFingerprinting' is false

toolkit/components/resistfingerprinting/nsRFPService.h

@@ -255,9 +255,6 @@ class nsRFPService final : public nsIObserver {
                                     const WidgetKeyboardEvent* aKeyboardEvent,
                                     SpoofingKeyboardCode& aOut);
 
-  static Atomic<bool, Relaxed> sPrivacyResistFingerprinting;
-  static Atomic<bool, Relaxed> sPrivacyTimerPrecisionReduction;
-
   static nsDataHashtable<KeyboardHashKey, const SpoofingKeyboardCode*>*
       sSpoofingKeyboardCodes;