[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #32714 [Applications/Tor Browser]: Investigate fingerprinting/fpi risks for Feature Policy

To: undisclosed-recipients: ;
Subject: [tor-bugs] #32714 [Applications/Tor Browser]: Investigate fingerprinting/fpi risks for Feature Policy
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 10 Dec 2019 19:09:09 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 10 Dec 2019 14:09:20 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#32714: Investigate fingerprinting/fpi risks for Feature Policy
-------------------------------------+-------------------------------------
     Reporter:  gk                   |      Owner:  tbb-team
         Type:  task                 |     Status:  new
     Priority:  Medium               |  Milestone:
    Component:  Applications/Tor     |    Version:
  Browser                            |   Keywords:  ff78-esr, tbb-
     Severity:  Normal               |  fingerprinting
Actual Points:                       |  Parent ID:
       Points:                       |   Reviewer:
      Sponsor:                       |
-------------------------------------+-------------------------------------
 [https://developer.mozilla.org/sv-SE/docs/Web/HTTP/Feature_Policy Feature
 Policy] got implemented in
 [https://bugzilla.mozilla.org/show_bug.cgi?id=1390801 Firefox 64ff.]

 Feature Policy allows websites by different means (e.g. via the `Feature-
 Policy` header) to enable/disable plethora of features providing website
 owners a very fine-grained control over them. We should make sure that our
 first-party isolation and fingerprinting resistance is not impacted by
 that.

 This feature is only available on nightly by default as of Firefox 73 but
 that might change soon.

 It can be controlled by
 [https://bugzilla.mozilla.org/show_bug.cgi?id=1507230 two preferences],
 `dom.security.featurePolicy.header.enabled` and
 `dom.security.featurePolicy.webidl.enabled`.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32714>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #32750 [Applications/Tor Browser]: Sign nightly sha256sums files with gpg
Next by Author: Re: [tor-bugs] #32636 [Applications/Tor Launcher]: Clean up locales shipped with Tor Launcher
Previous by thread: Re: [tor-bugs] #32713 [Applications/Tor Browser]: Letterboxing doesn't work when fullscreening videos (it covers exactly the whole screen)
Next by thread: [tor-bugs] #32715 [Applications/Tor Browser]: Document our downloads.json file
Index(es):
- Author
- Thread