Thus spake Andrew Lewman (andrew@xxxxxxxxxxxxxx):

> On Thu, 19 Jan 2012 23:27:54 -0800
> Mike Perry <mikeperry@xxxxxxxxxxxxxx> wrote:
>
> > See:
> > https://www.torproject.org/projects/torbrowser/design/#privacy
> >
> > Is that too technical? How can I improve the design document so that
> > it is more clear that it is exactly what you're looking for?
>
> This came up in a support phone call recently. The question asked
> was, "Can I log in to my igoogle through tbb and still search in a new
> tab without logging in, and keep the search terms separate from the
> obviously identified igoogle tab?"

Yeah, I was thinking that we may want to make a human version of the
design document for use on the main website. It should be a short
description of the url bar origin isolation idea in plain English, and
introduce the "New Identity" concept, perhaps with some images.

In fact, I think the new Firefox 4.0+ URL bar hostname shadowing
already suggests subdomain-based isolation. They did it for SSL
awareness and related phishing issues, but it helps suggest our
privacy properties too.

I think the most surprising thing to laypeople will be "Hey wait, you
mean Google *could* somehow know what I'm doing on twitter in my normal
browser?"

The answer, of course, is that Google can and does (at least at some
level). In fact, I'm not aware of too many big web players that don't
have this ability in all existing browsers other than TBB. We need to
make this fact quite clear, I think.

> The design doc isn't crystal clear here. It is clear that bing.com
> searches will not leak to igoogle page, but not clear if
> encrypted.google.com searches leak to www.google.com/ig and vice versa.

You're right, on a more technical level we need to tighten some
definitions. Unfortunately, the underlying implementation for each
identifier storage is not always uniform between FQDNs versus
subdomains. But, this could just mean we take the loosest definition.

I.e., in most cases mail.google.com can track you on encrypted.google.com,
but mail.google.com can't track you on www.twitter.com.

--
Mike Perry
Exterminate all dogma. Permit no exceptions.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
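The isolation rule discussed in the message above, modelled as an added example that is not part of the original post and is not Tor Browser's code: identifier storage is keyed by the URL bar domain under the "loosest definition", so subdomains of one site share state while different sites do not. The `IdentifierJar` class, the `canLink` helper and the two-label domain rule are assumptions made for illustration.

```javascript
// Added example: models identifier storage keyed by the URL bar domain.
// ASSUMPTION: "last two labels" stands in for a real Public Suffix List
// lookup; it is wrong for suffixes such as co.uk.
function isolationDomain(host) {
  return host.toLowerCase().split(".").filter(Boolean).slice(-2).join(".");
}

// Hypothetical identifier store. With isolate=true every entry is keyed by
// (URL bar domain, domain that set the identifier); with isolate=false it
// is keyed by the setting domain alone, so one entry is visible everywhere.
class IdentifierJar {
  constructor(isolate) {
    this.isolate = isolate;
    this.entries = new Map();
  }
  key(urlBarHost, requestHost) {
    const owner = isolationDomain(requestHost);
    return this.isolate ? isolationDomain(urlBarHost) + "|" + owner : owner;
  }
  set(urlBarHost, requestHost, value) {
    this.entries.set(this.key(urlBarHost, requestHost), value);
  }
  get(urlBarHost, requestHost) {
    return this.entries.get(this.key(urlBarHost, requestHost)) ?? null;
  }
}

// True when an identifier that trackerHost stored while the URL bar showed
// urlBarA is readable by trackerHost while the URL bar shows urlBarB.
function canLink(isolate, trackerHost, urlBarA, urlBarB) {
  const jar = new IdentifierJar(isolate);
  const id = "constructed-id-1"; // constructed sample value
  jar.set(urlBarA, trackerHost, id);
  return jar.get(urlBarB, trackerHost) === id;
}

// The two cases from the message, then the same cross-site case unisolated.
console.log(canLink(true, "mail.google.com", "mail.google.com", "encrypted.google.com"));
console.log(canLink(true, "mail.google.com", "mail.google.com", "www.twitter.com"));
console.log(canLink(false, "mail.google.com", "mail.google.com", "www.twitter.com"));
```
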