Do not check for new version of Threema Web on every route change

Question

Do not check for new version of Threema Web on every route change

ovalseven8 opened this issue 5 years ago · comments

Bug Description

Currently, Threema Web sends a request to check if a new update is available every time you switch conversations within Threema Web. This is some kind of activity tracking that is unnecessary.

Potential Solution

@lgrahl wrote in #183 (comment):

We can use a service worker to pre-fetch all pages and then just check the version every once in a while.

Lenny · Answer 1 · Mon Oct 07 2019 20:28:16 GMT+0800 (China Standard Time)

The title was misleading since we absolutely do not track. This is about the possibility that we could gather some usage info.

rugk · Answer 2 · Mon Oct 07 2019 20:59:08 GMT+0800 (China Standard Time)

Not only you, the threat model also has to consider a third-party, i.e. an network level attacker. They can certainly see the request and an estimated size. And regular pings of a similar size would likely be able to correlate to this type of request.

Danilo Bargen · Answer 3 · Mon Oct 07 2019 21:05:50 GMT+0800 (China Standard Time)

We can use a service worker to pre-fetch all pages and then just check the version every once in a while.

That won't work, since there may still be a mismatch between the template and the controller, leading to UI errors

What we could do is inlining all HTML templates into the JavaScript files. That means a larger initial page load, but no template requests after the webapp has been loaded.

Note that we do not request the templates ourselves. That is part of the AngularJS "partials" system.

Not only you, the threat model also has to consider a third-party, i.e. an network level attacker. They can certainly see the request and an estimated size. And regular pings of a similar size would likely be able to correlate to this type of request.

I don't understand that. This is only about the fact that the webserver could track how often someone switches a conversation, because that's when the GET version.txt request is being sent. There is no other information being leaked. Once the template is loaded, it stays cached in the browser.

No conversations or chat messages are ever transferred to that webserver.

Lenny · Answer 4 · Mon Oct 07 2019 21:11:29 GMT+0800 (China Standard Time)

That won't work, since there may still be a mismatch between the template and the controller, leading to UI errors

You open web.threema.ch. It then pre-fetches all templates via the service worker. Subsequent fetches will return the same template version. What's the problem?

Danilo Bargen · Answer 5 · Mon Oct 07 2019 21:16:37 GMT+0800 (China Standard Time)

Ah, if you guarantee that the templates will not survive a page reload, then that's fine. If you only check the version "every once in a while" and cache the templates for longer than a single page load, then the JS (which probably isn't cached) will expect newer templates, but you'll get older templates from the cache.

Caching will work if you either cache and then invalidate all static files (js, css, templates, images, etc) or none.

You'll also need to get AngularJS to load those templates via a fetch request. Not sure if that's possible or not. If privacy of those version requests really is a concern, then inlining the templates is much simpler and much less error-prone. Note that once a service worker is caching data that isn't properly invalidated, we have no way to easily fix that using a new release.

Lenny · Answer 6 · Mon Oct 07 2019 21:20:09 GMT+0800 (China Standard Time)

AFAIK, the browser will always use fetch underneath which is what you're hooking into. There's also a way to do cache versioning if we really want that. Take a look at it before calling it more error-prone prematurely. 😜

Stefan Schindler · Answer 7 · Thu Dec 12 2019 18:19:29 GMT+0800 (China Standard Time)

I like the prefetch everything with a service worker idea.