Look into the Tor Browser design document to pick new elements for "Firefox: Privacy Related "about:config" Tweaks" #272

New Issue

2017-07-17T10:40:10Z

C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented

2017-07-17 10:40:10 +00:00

(Migrated from github.com)

The Tor Browser design document: https://www.torproject.org/projects/torbrowser/design/#Implementation

An example: privacy.resistFingerprinting should be set to true.

Maybe this is a bad idea, and maybe suggesting that one should tweak the Tor Browser itself to use clearnet as an alternative to Firefox + about:config tweaks.

Anyway, discuss. I'll compile a list in the meantime: (complete)

privacy.resistFingerprinting = true (A result of the Tor Uplift effort, this preference makes Firefox more resistant to browser fingerprinting.)
privacy.firstparty.isolate = true (A result of the Tor Uplift effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.)

The Tor Browser design document: https://www.torproject.org/projects/torbrowser/design/#Implementation An example: `privacy.resistFingerprinting` should be set to `true`. Maybe this is a bad idea, and maybe suggesting that one should tweak the Tor Browser itself to use clearnet as an alternative to Firefox + about:config tweaks. Anyway, discuss. I'll compile a list in the meantime: (complete) -------- - [x] privacy.resistFingerprinting = true (A result of the [Tor Uplift](https://wiki.mozilla.org/Security/Tor_Uplift) effort, this preference makes Firefox more resistant to browser fingerprinting.) - [x] privacy.firstparty.isolate = true (A result of the [Tor Uplift](https://wiki.mozilla.org/Security/Tor_Uplift) effort, this preference isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.)

C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented

2017-07-17 11:07:34 +00:00

(Migrated from github.com)

We should also consider reviewing the Tor Uplift project since some prefs aren't documented in the Tor Browser Design document, such as privacy.firstparty.isolate. https://wiki.mozilla.org/Security/Tor_Uplift/Tracking

Note that this was the only pref not mentioned in the design document, so I guess I did all the work then for this part.

We should also consider reviewing the Tor Uplift project since some prefs aren't documented in the Tor Browser Design document, such as `privacy.firstparty.isolate`. https://wiki.mozilla.org/Security/Tor_Uplift/Tracking Note that this was the only pref not mentioned in the design document, so I guess I did all the work then for this part.

ghost commented

2017-07-17 18:54:47 +00:00

(Migrated from github.com)

https://gist.github.com/Shifterovich/ba649d96a1618cad294bc9b47f0541c8

C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented

2017-07-17 19:34:44 +00:00

(Migrated from github.com)

@Shifterovich
Thanks, I'll look into it later to see what we can squeeze from it in addition here.

@Shifterovich Thanks, I'll look into it later to see what we can squeeze from it in addition here.

ghost commented

2017-07-17 19:37:31 +00:00

(Migrated from github.com)

A post from my now-dead blog. I did some research on browser fingerprinting in general.

C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented

2017-07-18 17:48:00 +00:00

(Migrated from github.com)

Two first ones are addressed in this pull: https://github.com/privacytoolsIO/privacytools.io/pull/284

C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented

2017-07-18 19:32:08 +00:00

(Migrated from github.com)

@Shifterovich
There's a feature request that is now in the review phase https://bugzilla.mozilla.org/show_bug.cgi?id=967895 which will integrate the HTML5 Canvas blocking inside Firefox, not sure if default but there will be for sure some pref for this, in which case Canvas Blocker would no longer be needed and you can close this issue, https://github.com/privacytoolsIO/privacytools.io/issues/99

@Shifterovich There's a feature request that is now in the review phase https://bugzilla.mozilla.org/show_bug.cgi?id=967895 which will integrate the HTML5 Canvas blocking inside Firefox, not sure if default but there will be for sure some pref for this, in which case Canvas Blocker would no longer be needed and you can close this issue, https://github.com/privacytoolsIO/privacytools.io/issues/99

Atavic commented

2017-07-19 21:14:41 +00:00

(Migrated from github.com)

There are tickets dealing with privacy.resistFingerprinting and privacy.firstparty.isolate.

There are tickets dealing with [privacy.resistFingerprinting](https://github.com/ghacksuserjs/ghacks-user.js/issues/7) and [privacy.firstparty.isolate](https://github.com/ghacksuserjs/ghacks-user.js/issues/8).

C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented

2017-07-19 21:20:10 +00:00

(Migrated from github.com)

@Atavic Oh, ghacks' user.js :) Might be a good idea instead of having the tiresome manual approach but it will require auditing all their options, we only want privacy related ones.

Atavic commented

2017-07-19 21:22:25 +00:00

(Migrated from github.com)

You can choose those only, yes. There's a lot of comments.

C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented

2017-07-24 22:43:00 +00:00

(Migrated from github.com)

Reviewed all options, seems those two are the only ones that stick out. @Shifterovich Is there anything preventing the merge for https://github.com/privacytoolsIO/privacytools.io/pull/284?