add Firefox about_config values for Referer #340
Reference: privacyguides/privacytools.io#340
Description
Add suggested values for network.http.referer.XOriginPolicy and network.http.referer.XOriginTrimmingPolicy
HTML Preview
http://htmlpreview.github.io/?https://github.com/groovecoder/privacytools.io/blob/about-config-referer/index.html
I wasn't aware of these configuration settings, thanks!

Is there a particular reason why you set network.http.referer.XOriginPolicy to 1 instead of 2?

1: a.example.com and b.example.com would be allowed
2: only b.example.com & b.example.com would be allowed

Seems like the second option is even more secure, but maybe at the expense of functionality.

Right; 1 would seem to break fewer things. When we studied its effect on user-reported breakage, it seemed to be minimal. We didn't study 2 yet, but we probably will. I'll update here again if 2 seems just as good.

Sorry, I had my settings crossed. We didn't actually study XOriginPolicy effects on breakage. But the assumption is the same - referers to eTLD will presumably break fewer sites.

Not sure 1 really helps. Maybe recommend 2 and explain that if it breaks sites a lot, the user should try changing it to 1?

Depends on the adversary and the risk. eTLDs would be able to combine/track across the sub-domains if they wanted to. But I see the other privacy settings tweaks maximize privacy, so 2 makes sense here.

Updated commit to suggest 2 and also to suggest a global Referer trimming policy.
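
The trade-off discussed in this thread, modelled as an added example (not code from the PR or from Firefox): it computes which Referer value, if any, is sent for a given pair of URLs under the prefs being debated. Assumptions: `baseDomain()` approximates the base domain with the last two host labels where Firefox uses the Public Suffix List, no Referrer-Policy header or HTTPS-to-HTTP downgrade is involved, and the global `trimmingPolicy` pref combines with the cross-origin one by taking the stricter value.

```javascript
// Added illustration; function names and sample URLs are constructed for this example.
// Assumption: base domain = last two labels (Firefox consults the Public Suffix List).
const baseDomain = (host) => host.split(".").slice(-2).join(".");

// network.http.referer.XOriginPolicy:
//   0 = always send, 1 = only when base domains match, 2 = only when full hosts match.
function allowedCrossOrigin(src, dst, policy) {
  if (policy === 0) return true;
  if (policy === 1) return baseDomain(src.hostname) === baseDomain(dst.hostname);
  if (policy === 2) return src.hostname === dst.hostname;
  throw new RangeError(`unknown XOriginPolicy: ${policy}`);
}

// Trimming policies (global and XOrigin share the same scale):
//   0 = full URL, 1 = URL without query string, 2 = scheme, host and port only.
// URL.origin / URL.pathname already exclude credentials and the #fragment.
function trim(src, policy) {
  if (policy === 0) return src.origin + src.pathname + src.search;
  if (policy === 1) return src.origin + src.pathname;
  if (policy === 2) return src.origin + "/";
  throw new RangeError(`unknown trimming policy: ${policy}`);
}

// Returns the Referer sent when `from` requests `to`, or null when it is withheld.
function referer(from, to, prefs) {
  const src = new URL(from);
  const dst = new URL(to);
  const global = prefs.trimmingPolicy ?? 0; // network.http.referer.trimmingPolicy
  if (src.origin === dst.origin) return trim(src, global);
  if (!allowedCrossOrigin(src, dst, prefs.XOriginPolicy)) return null;
  // Assumption: cross-origin requests get the stricter of the two trimming prefs.
  return trim(src, Math.max(global, prefs.XOriginTrimmingPolicy ?? 0));
}

// Constructed sample: a page whose URL carries a sensitive query string.
const page = "https://a.example.com/account?user=alice#tab";
const targets = ["https://a.example.com/next", "https://b.example.com/img.png",
                 "https://tracker.test/pixel"];
for (const XOriginPolicy of [0, 1, 2]) {
  for (const to of targets) {
    const sent = referer(page, to, { XOriginPolicy, XOriginTrimmingPolicy: 2 });
    console.log(`XOriginPolicy=${XOriginPolicy} -> ${to}: ${sent ?? "(no Referer)"}`);
  }
}
```

The output shows the difference raised in the review: with `1` the sibling subdomain `b.example.com` still receives the trimmed origin, while with `2` only requests to `a.example.com` itself carry a Referer.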