Privacy/Features/DOMCryptAPI

Summary

DOMCrypt gives web developers and endusers control over who data typed into Firefox is shared with. This is like DNT for content, however, the user does not have to ask permission to opt out of tracking or revealing data. 3rd parties do not get to parse and mine user data.

Team

• Feature Manager: Dietrich Alaya
• Lead Developer: David Dahl
• Product Manager:
• QA: Juan Becerra
• Security: Curtis Koenig
• Privacy: Sid Stamm
• Cryptography:

Release Requirements

• Off main thread API methods
• Fennec support
• User and web developer evangelism
• Discussion and plan for possible standardization/use of existing standards

Next Steps

• Port extension over to Firefox/DOM code
• Use ChromeWorkers / callbacks for all API methods
• Test suite
• New name for the DOM property, currently using 'crypt', which is too close to window.crypto

Open Issues

This code is heavily based on parts of WeaveCrypto that was excised from mozilla-central, should we combine/re-add these methods back in or create a new module altogether? Currently, I think that we will need a completely new ChromeWorker-based module.

Need a better name for the window property, using "window.crypt" for the time being

Related Bugs & Dependencies

bug 649154

Designs

See http://domcrypt.org and https://github.com/daviddahl/domcrypt

Test Plans

In process of being created

Goals/Use Cases

Provide an elegant "webby" crypto API web developers can use to allow more user control of messages and data typed into Firefox

Non-Goals

Initially supporting complex Crypto standards. That will be a future goal.

Other Documentation

David Dahl has been working on this project over the past couple of years as a side project. Starting with content-based crypto via wordpress' AES implementation, moving to WeaveCrypto-based extensions and sites like https://droplettr.com - the realization dawned that starting small is the best bet in this endeavor: a single DOM property.

Legend