(Created page with "It seems there are three buckets for Tor/Privacy Related bugs: # Browser Entropy (Identification) ## Reduce/Limit the number of fonts available to render (Related Bugs [https://...") |
No edit summary |
||
| Line 2: | Line 2: | ||
# Browser Entropy (Identification) | # Browser Entropy (Identification) | ||
## Reduce/Limit the number of fonts available to render | ## Reduce/Limit the number of fonts available to render | ||
##* Related Bugs [https://trac.torproject.org/projects/tor/ticket/2872 Tor 2872 ] | |||
## Reduce the entropy on available window size | ## Reduce the entropy on available window size | ||
##* Related Bugs [https://trac.torproject.org/projects/tor/ticket/2875 Tor 2875 ] , [https://bugzilla.mozilla.org/show_bug.cgi?id=418986 Bugzilla 418986] | |||
## Block access to Components.Interfaces and Components.lookup from non XUL javascript) | ## Block access to Components.Interfaces and Components.lookup from non XUL javascript) | ||
## Do not cache Basic | ##* Related Bugs [https://trac.torproject.org/projects/tor/ticket/2874 Tor 2874 ], [https://trac.torproject.org/projects/tor/ticket/2873 Tor 2873 ], [https://bugzilla.mozilla.org/show_bug.cgi?id=429070 Bugzilla 429070] | ||
## Do not cache Basic authentication schemes unless explicitly entered by the user | |||
# Make the interaction with external helper applications and plugins explicit (click to play) | # Make the interaction with external helper applications and plugins explicit (click to play) | ||
## Click to run plugins | ## Click to run plugins | ||
## Change the behavior on private | ## Change the behavior on private browsing to 'ask first' for all external apps. | ||
## Click to enable WebGL (Related to entropy of the browser itself) | ## Click to enable WebGL (Related to entropy of the browser itself) | ||
#Prevent Cross-domain identifiaction | #Prevent Cross-domain identifiaction | ||
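Review bot: The new item "Do not cache Basic authentication schemes unless explicitly entered by the user" is the only entry under "Browser Entropy (Identification)" without a "Related Bugs" sub-bullet, while the three items above it each gain one in this revision. Link the tracking ticket or state that none exists yet. While this block is being edited, two carried-over slips in the unchanged lines are worth fixing: the unmatched closing parenthesis in "from non XUL javascript)" and the spelling of "identifiaction" in the third bucket heading.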
| Line 19: | Line 22: | ||
*Clear SSL sessions. | *Clear SSL sessions. | ||
*Close keepalive TCP sessions | *Close keepalive TCP sessions | ||
*Clear HSTS site preferences | |||
Will NOT do: | |||
*Randomize HTTP pipelining | |||
** Currently is unknown if this defense would work. | |||
*Disable all plugins except flash | |||
** We cannot determine a-priori what is good/bad from the users perspective. | |||
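Review bot: "Will NOT do:" is added as a bare line directly after "*Clear HSTS site preferences", so it reads as a continuation of the clear-on-reset list rather than a separate section. Give it its own heading or list level so the rejected items are clearly set apart from the accepted ones. The two rationale lines also need a wording pass: "Currently is unknown if this defense would work" should read "It is currently unknown whether this defense would work", and "users perspective" should be "user's perspective".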