GSoC-2017

Google Summer of Code 2017 project: Crash Reporter for Tor Browser

Welcome!

This is my final evaluation submission page for the project “Crash Reporter for Tor Browser”. The code I wrote can be found in the Tor Browser repository clone, but most of the work in this project was focused on non-coding tasks (analysis, building, error handling).

I sent biweekly status reports to the Tor Project mailing list (from nmagoru at gmail.com).

Project description

The goal of my project was to adapt the existing Crash Reporter from Mozilla Firefox for Tor Browser: make it completely anonymous for end users and set up the server side that will collect crash reports.

So Crash Reporter consists of:

What we did

Client

The first problem was that crash reports contain privacy-sensitive data fields, and we needed a way to exclude these fields from reports. The second problem was that the Crash Reporter client may store reports on the user’s machine for an extended period of time (which could endanger the user’s privacy: for example, from site URLs in reports someone can find out which sites the user visited). So on the client side we implemented features to send only “safe” fields and to delete all reports (regardless of whether the report was sent or not).

For the first feature we initially created a blacklist to exclude privacy-sensitive fields from reports. Later we redefined this feature as a whitelist, because the function that adds data fields to reports is called from different parts of the browser, and with a whitelist it is easier and safer not to miss any field.
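The difference between the two approaches, as an added example that is not code from the Tor Browser repository or from this project: a single function that adds fields to a report, run once with a blocklist and once with an allowlist. The `AnnotationStore` class and all field names are assumptions constructed for the illustration.

```cpp
// Added illustration (not Tor Browser code): filtering at the single function
// that adds fields to a crash report. All field names are constructed samples.
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <utility>
#include <vector>

enum class Policy { kBlocklist, kAllowlist };

class AnnotationStore {
 public:
  AnnotationStore(Policy policy, std::set<std::string> names)
      : policy_(policy), names_(std::move(names)) {}

  // Every caller goes through here; returns false if the field was dropped.
  bool Annotate(const std::string& key, const std::string& value) {
    const bool listed = names_.count(key) != 0;
    // Blocklist keeps anything not listed; allowlist keeps only what is listed.
    const bool keep = (policy_ == Policy::kAllowlist) ? listed : !listed;
    if (keep) report_[key] = value; else dropped_.push_back(key);
    return keep;
  }
  const std::map<std::string, std::string>& report() const { return report_; }
  const std::vector<std::string>& dropped() const { return dropped_; }

 private:
  Policy policy_;
  std::set<std::string> names_;
  std::map<std::string, std::string> report_;
  std::vector<std::string> dropped_;
};

// Simulates calls from different parts of a browser. "LastVisitedHost" stands
// for a field added by new code after the lists were last reviewed.
AnnotationStore BuildReport(Policy policy, const std::set<std::string>& names) {
  AnnotationStore store(policy, names);
  store.Annotate("ProductName", "ExampleBrowser");   // startup code
  store.Annotate("Version", "1.0");                  // startup code
  store.Annotate("URL", "https://example.com/a");    // page-load code
  store.Annotate("LastVisitedHost", "example.com");  // newly added call site
  return store;
}

int main() {
  AnnotationStore blocked = BuildReport(Policy::kBlocklist, {"URL"});
  AnnotationStore allowed = BuildReport(Policy::kAllowlist, {"ProductName", "Version"});
  std::cout << "blocklist kept LastVisitedHost: " << blocked.report().count("LastVisitedHost") << "\n";
  std::cout << "allowlist kept LastVisitedHost: " << allowed.report().count("LastVisitedHost") << "\n";
  return 0;
}
```

With the blocklist the unreviewed field reaches the report; with the allowlist it is dropped by default and shows up in `dropped()` for review.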

Crash report data field analysis

To collect information and analyse report fields we made a wiki page for the project. Some fields can be easily divided into privacy-sensitive and “safe”, but we had problems with others:

We started to carefully choose fields one by one and now have 5-10 that we are sure about. There are interesting ideas in the project wiki, such as offering different privacy options in the client (for users to choose from). There are also complex fields (Add-ons, modules) in reports that (maybe) should be filtered. It’s a “war” between privacy and the helpfulness of crash reports for developers.

Server

At first we worked on setting up Mozilla Socorro, but we encountered a problem: we spent 2 weeks uselessly trying to set it up with Docker, so we spoke with the Socorro team and got a strong recommendation that sounded like “don’t try and use Socorro” :)

Finally, we decided to use Mini-Breakpad-Server (MBS) and broke MBS into 2 services:

The other option was “creating authorization”, but it could make the service intricate and unsafe, so “break into 2 services” was the fastest and easiest way. Both services are set up as .onion services, to send reports through the Tor network (why not use the main feature of Tor Browser, the anonymous network, to send them?).

Building Tor Browser

At the beginning we built just the browser (not Tor Browser Bundle) to test features, and in the last 3 weeks of the GSoC period we tried to build Tor Browser Bundle using Reproducible Build Manager (RBM). We spent a few days building the Windows version (and also got errors such as this), after that returned to the Linux version, and managed to build Tor Browser reproducibly with our updated Crash Reporter enabled.

In this project building was a very time-consuming process with nothing to do: you start the build and just have to watch, get logs, fix errors and start again. I’m not sure whether I should count it as work hours :/

What is next?

There is much work to do (and I intend to keep working on this project):

P.S.

Everything related to GSoC was awesome. Thanks a lot to The Tor Project, especially to Tom Ritter and Georg Koppen, I’m really glad to work with you! And, of course, thanks to Google for making GSoC :)