Open dkasak opened 9 years ago
@dkasak Thanks for pointing this out! The discussion at your last link is from a year ago and the implementation has been rewritten since then (used to be network.seer.enabled; now is network.predictor.enabled). Note that the resources are not actually pre-fetched, and that no data is sent to the remote server until the user actively clicks on a link. AFAIK, this technology uses a local file to remember which resources were needed when the user visited example.com (such as image.jpg and script.js), so that the next time the user hovers the mouse over a link to example.com or goes to example.com, this history can be used to predict what resources will be needed rather than wait for the document to link to image.jpg and script.js. The data is erased at the end of a private browsing session.
Additional links:
Mozilla's WIKI on the technology (Necko): https://wiki.mozilla.org/Privacy/Reviews/Necko
GHacks article about the previous implementation: http://www.ghacks.net/2014/05/11/seer-disable-firefox/
Discussion about the previous implementation (Seer) from ~May 2014: https://bugzilla.mozilla.org/show_bug.cgi?id=1005566
@RoxKilly I'm aware the second of my links is an old discussion; I included it for context and due to newer comments mentioning the setting was renamed from network.seer.* to network.predictor.*. Where did you get the information that no data is sent to the remote server? I researched further, and from what I understood, the feature establishes connections to the servers in anticipation of fetching their resources (though you are correct that it doesn't seem to preload the data but simply pre-establishes TCP connections). I tried testing with a quick and dirty tcpdump and it indeed seems to be making connections to hovered-over links when the feature is enabled. This is still undesirable from a privacy perspective.
@dkasak I didn't mean to imply that the discussion was too old. I think that even though it's a year old, it is relevant; that's why I thanked you for pointing this out. I'd be interested to know more about the results of your testing.
I got the "no data sent" info from the Mozilla Wiki for Necko, the technology behind Seer and perhaps Network Predictor (see my first link in my previous post). Under the heading "Alignment with Privacy Operating Principles" and subheading "Principle: Transparency / No Surprises", it says: "no data is actually sent to the site until a user actively clicks a link >> DNS prefetch and TCP preconnect (which includes SSL handshake)". Is this a deceptive definition of "no data"? I would also like to know whether turning off DNS prefetching (which RAS can do) disables the DNS prefetching behavior of the Network Predictor.
Earlier I said that "the data is erased at the end of a private browsing session". On second read of the WIKI, this might be a misrepresentation. I think it would be more accurate to say that this feature is not used at all during private browsing, either to predict network requests or to remember them for future prediction. From the Wiki: "The seer does not record any data, nor does it take any action, when in private browsing mode."
> @dkasak I didn't mean to imply that the discussion was too old. I think that even though it's a year old, it is relevant; that's why I thanked you for pointing this out. I'd be interested to know more about the results of your testing.
No worries. I wasn't sure if that was what you meant so I wanted to clarify.
Regarding testing, I'll have to repeat it on a VM with nothing using the network except Firefox to get conclusive and presentable results. I'll try to do this when I catch some time.
> Under the heading "Alignment with Privacy Operating Principles" and subheading "Principle: Transparency / No Surprises", it says: "no data is actually sent to the site until a user actively clicks a link >> DNS prefetch and TCP preconnect (which includes SSL handshake)". Is this a deceptive definition of "no data"?
Depends on the definition of "data". I assume they're using the word in the sense of "application-level bytes sent over the TCP connection", but since they're (judging from that paragraph) still opening TCP connections and doing SSL handshakes, there is still information leakage about your browsing patterns. This obviously isn't desirable from a privacy perspective.
> I would also like to know whether turning off DNS prefetching (which RAS can do) disables the DNS prefetching behavior of the Network Predictor.
Agreed. I suspect not, but this is merely a hunch.
> I think it would be more accurate to say that this feature is not used at all during private browsing, either to predict network requests or to remember them for future prediction.
I think this is correct. The fact that they turn it off in private mode isn't very encouraging.
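The capture test described in this thread can be made repeatable by summarising tcpdump's text output per destination. This is an added example, not code from any participant or from Firefox; the capture lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample in `tcpdump -n tcp` text format (not a real capture).
# 192.0.2.10 = browser host; 198.51.100.7 = link only hovered over;
# 203.0.113.5 = link actually clicked.
SAMPLE = """\
10:00:01.000100 IP 192.0.2.10.40001 > 198.51.100.7.80: Flags [S], seq 1000, win 64240, length 0
10:00:01.020300 IP 198.51.100.7.80 > 192.0.2.10.40001: Flags [S.], seq 2000, ack 1001, win 65160, length 0
10:00:01.020400 IP 192.0.2.10.40001 > 198.51.100.7.80: Flags [.], ack 1, win 502, length 0
10:00:05.000100 IP 192.0.2.10.40002 > 203.0.113.5.80: Flags [S], seq 3000, win 64240, length 0
10:00:05.019000 IP 203.0.113.5.80 > 192.0.2.10.40002: Flags [S.], seq 4000, ack 3001, win 65160, length 0
10:00:05.019100 IP 192.0.2.10.40002 > 203.0.113.5.80: Flags [.], ack 1, win 502, length 0
10:00:05.019500 IP 192.0.2.10.40002 > 203.0.113.5.80: Flags [P.], seq 1:350, ack 1, win 502, length 349: HTTP: GET / HTTP/1.1
"""

LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]+)\].*?length (?P<len>\d+)"
)

def connections_opened(capture, local_ip):
    """Per destination: connections local_ip initiated and payload bytes it sent."""
    flows = {}  # (source port, dst ip, dst port) -> client payload bytes
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m or m["src"] != local_ip:
            continue
        key = (m["sport"], m["dst"], int(m["dport"]))
        if m["flags"] == "S":            # bare SYN: the browser is the initiator
            flows[key] = 0
        elif key in flows:
            flows[key] += int(m["len"])  # payload on later segments of that flow
    summary = {}
    for (_, dst, dport), sent in flows.items():
        entry = summary.setdefault((dst, dport), {"connections": 0, "client_bytes": 0})
        entry["connections"] += 1
        entry["client_bytes"] += sent
    return summary

def silent_contacts(capture, local_ip):
    """Destinations that saw a connection but no payload (plain-TCP preconnect).
    On port 443 a preconnect also carries TLS handshake bytes, so there the
    list of contacted hosts, not the zero-byte test, is the signal."""
    return sorted(d for d, s in connections_opened(capture, local_ip).items()
                  if s["client_bytes"] == 0)

if __name__ == "__main__":
    for dest, stats in connections_opened(SAMPLE, "192.0.2.10").items():
        print(dest, stats)
    print("no-payload contacts:", silent_contacts(SAMPLE, "192.0.2.10"))
```

A destination listed by `silent_contacts` received no application bytes, yet it still observed the client's address and the time of the hover.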
For reference, a Mozilla page detailing ways in which Firefox makes background/automatic connections, and instructions on how to block them: https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections. Seems like a good resource, but interestingly, network.predictor.enabled is not mentioned so the list may not be exhaustive (or one of the options listed may be equivalent to disabling network.predictor.enabled)
@RoxKilly Thanks for sharing :+1:
Consider adding option to disable the network predictor engine (previously known as Seer), which got enabled again recently. It's a feature that monitors browsing patterns and tries to predict the user's next action in order to preload the necessary resources. It is similar to link prefetching in this regard. As an example, it will preload the resources of the link hovered over.
The option for disabling it is network.predictor.enabled.
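One way to check which value of network.predictor.enabled a profile will actually use, as an added example that is not part of the issue or of any add-on's code. It assumes the `user_pref("name", value);` syntax of prefs.js and user.js; the three other pref names in `WANTED` are Firefox preferences not mentioned in this thread, and the sample file contents are constructed.

```python
import re

# Constructed sample files (not taken from a real profile).
PREFS_JS = '''\
// Mozilla User Preferences
user_pref("network.predictor.enabled", true);
user_pref("network.dns.disablePrefetch", true);
'''
USER_JS = '''\
// user_pref("network.predictor.enabled", true);  (commented out, ignored)
user_pref("network.predictor.enabled", false);
user_pref("network.http.speculative-parallel-limit", 0);
'''

# Values that switch the speculative behaviour off. Only the first name appears
# in the thread; the other three are assumptions of this example.
WANTED = {
    "network.predictor.enabled": False,
    "network.dns.disablePrefetch": True,
    "network.prefetch-next": False,
    "network.http.speculative-parallel-limit": 0,
}

PREF = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_prefs(text):
    """Parse user_pref("name", value); lines; the last assignment of a name wins."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # drop block comments
    prefs = {}
    for name, raw in PREF.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(prefs_js, user_js=""):
    """Return {pref: (effective value, or None if unset; matches WANTED)}."""
    effective = {**parse_prefs(prefs_js), **parse_prefs(user_js)}  # user.js overrides
    report = {}
    for name, wanted in WANTED.items():
        value = effective.get(name)  # None means the browser default applies
        # Compare type as well as value so that 0 and False are not confused.
        report[name] = (value, type(value) is type(wanted) and value == wanted)
    return report
```

A pref reported as `None` is not set in either file, so the installed Firefox version's default decides the behaviour.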