brave / brave-browser

Brave browser for Android, iOS, Linux, macOS, Windows.
https://brave.com
Mozilla Public License 2.0

"Private Window with Tor" and Snowflake's `Volunteer to help other connect...` Settings options should be disabled when Tor is admin-disabled #17609

Open stephendonner opened 3 years ago

stephendonner commented 3 years ago

Description

"Private Window with Tor" and Snowflake's Volunteer to help other connect... Settings options should be disabled when Tor is admin-disabled

Found while testing https://github.com/brave/brave-browser/issues/17530.

Steps to Reproduce

  1. write `defaults write com.brave.Browser TorDisabled -integer 1` into a Terminal.app window and press enter
  2. new profile
  3. launch Brave
  4. click on the "hamburger" menu and notice there's no New Private Window with Tor option
  5. load brave://policy and confirm TorDisabled is set to true
  6. open brave://settings/extensions and look at the Private Window with Tor option

Actual result:

Private Window with Tor is still toggle-able to on and off, and works.


Expected result:

Private Window with Tor should be disabled, like Windows and Linux.


Reproduces how often:

100%

Brave version (brave://version info)

Brave 1.30.38 Chromium: 93.0.4577.51 (Official Build) nightly (x86_64)
Revision 762d21050e2da59930c784c09b134d0b0b148188-refs/branch-heads/4577@{#915}
OS macOS Version 11.5.2 (Build 20G95)

simonhong commented 3 years ago

In brave://policy, a policy set by using `defaults write com.brave.Browser TorDisabled -bool true` is added as a Recommended policy, like below.


In another test with `defaults write com.brave.Browser BrowserGuestModeEnabled -boolean true`, Brave and Chrome show the same behavior. Both browsers display BrowserGuestModeEnabled as a recommended policy.

I think this is expected behavior because the user set this policy (not an admin). Maybe macOS provides another way to make policies mandatory. According to Chromium's docs, an additional plist file is needed under `/Library/Managed Preferences/<username>`, but I tested by adding com.brave.Browser.nightly.plist with the content below and it doesn't work. It's still a recommended policy.

```xml
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>TorDisabled</key>
        <true/>
</dict>
</plist>
```

Chromium checks whether a policy is mandatory or not by using `CFPreferencesAppValueIsForced()`. See components/policy/core/common/policy_loader_mac.mm

MrAshRhodes commented 1 year ago

@simonhong This actually worked for me.

Setting the following com.brave.Browser.plist file in /Library/Managed Preferences/$username

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
 <dict>
  <key>TorDisabled</key>
  <true/>
 </dict>
</plist>
```


It only applies to the current user rather than the machine.

Moving from the $username folder to /Library/Managed Preferences/


Made it mandatory for the whole machine.

The file that contains policies that are Recommended is

~/Library/Preferences/com.brave.Browser.plist

Hope this helps anyone.
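
As an added example (not code from this thread, Brave or Chromium), the following Python sketch classifies a policy key by which of the three plist locations named above supplies it. It reads the files directly rather than calling `CFPreferencesAppValueIsForced()`, so it only approximates what brave://policy reports; the search order, the user name `alice` and the temporary directory tree are assumptions constructed for the example.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

def read_key(plist_path, key):
    """Value of `key` in a plist file; None if the file or key is missing or unreadable."""
    try:
        with open(plist_path, "rb") as fh:
            data = plistlib.load(fh)
    except (OSError, ExpatError, plistlib.InvalidFileException):
        return None
    return data.get(key) if isinstance(data, dict) else None

def policy_level(key, bundle_id, user, root=Path("/")):
    """Classify a policy by the preference location that supplies it."""
    # Assumption of this example: machine-managed is checked first, then
    # user-managed, then the user's own defaults (what `defaults write` edits).
    managed = root / "Library" / "Managed Preferences"
    locations = [
        ("mandatory (machine)", managed / f"{bundle_id}.plist"),
        ("mandatory (user)", managed / user / f"{bundle_id}.plist"),
        ("recommended", root / "Users" / user / "Library" / "Preferences" / f"{bundle_id}.plist"),
    ]
    for level, path in locations:
        value = read_key(path, key)
        if value is not None:
            return level, value
    return "unset", None

def is_enforced(key, bundle_id, user, root=Path("/")):
    """True only when the policy is truthy AND comes from a managed location."""
    level, value = policy_level(key, bundle_id, user, root)
    return level.startswith("mandatory") and bool(value)

def demo():
    """Constructed tree: hypothetical user 'alice' first has only a user-written value."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        prefs = root / "Users" / "alice" / "Library" / "Preferences"
        prefs.mkdir(parents=True)
        (prefs / "com.brave.Browser.plist").write_bytes(plistlib.dumps({"TorDisabled": True}))
        before = policy_level("TorDisabled", "com.brave.Browser", "alice", root)
        managed = root / "Library" / "Managed Preferences"
        managed.mkdir(parents=True)
        (managed / "com.brave.Browser.plist").write_bytes(plistlib.dumps({"TorDisabled": True}))
        after = policy_level("TorDisabled", "com.brave.Browser", "alice", root)
        return before, after, is_enforced("TorDisabled", "com.brave.Browser", "alice", root)
```

The bundle identifier differs per release channel (the thread uses `com.brave.Browser`, `com.brave.Browser.beta` and `com.brave.Browser.nightly`), so an audit should pass the identifier of the installed channel.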

simonhong commented 1 year ago

@MrAshRhodes Wow, thanks for your great tip! 👍🏼

stephendonner commented 1 year ago

Whilst testing group-policy options for the Snowflake extensions in https://github.com/brave/brave-browser/issues/25315, I noticed it also doesn't cover the newly-added Volunteer to help others connect to the network pref:

Steps:

  1. installed 1.47.125
  2. pasted `defaults write com.brave.Browser.beta TorDisabled -bool true` into a Terminal/console window, and pressed return
  3. launched Brave
  4. confirmed that the New Private Window with Tor menu option is removed

Actual Results:

However, both Private window with Tor and Volunteer to help others connect to the Tor network should be grayed out/disabled (NOT toggled Off; unclickable)

Expected Results:

Both Private window with Tor and Volunteer to help others connect to the Tor network entries in brave://settings/privacy should be disabled when TorDisabled is true

MadhaviSeelam commented 1 year ago

Tested in Win 11 x64. The following was found when TorDisabled is true:

  1. Install 1.47.121
  2. launch Brave
  3. opened brave://settings/privacy in a new-tab
  4. enabled Volunteer to help others connect to the Tor network toggle
  5. clicked on Extensions puzzle>>Snowflake
  6. opened brave://extensions in a new-tab
  7. Snowflake extension is shown
  8. close the browser
  9. opened Registry Editor
  10. created BraveSoftware/Brave key under HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\
  11. create DWORD (32-bit) value named TorDisabled with value 1
  12. launch Brave
  13. open brave://policy
  14. confirmed TorDisabled is true
  15. open brave://settings/privacy
  16. click Extension puzzle>>Snowflake extension