[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #22396 [Applications/Tor Browser]: What does "never for this site" for the canvas warning really mean?
#22396: What does "never for this site" for the canvas warning really mean?
--------------------------------------+--------------------------
Reporter: arma | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ux-team | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by teor):
Replying to [comment:7 mcs]:
> I think the NoScript analogy is a good one. Other things to consider:
how often do people need to allow canvas data extraction for a site to
work correctly?
The most common use I've seen is a site that writes emoji, then looks to
see if the font supports them, and enables image fallbacks if it does not.
In this case, Tor Browser users should be fine (albeit slower) with the
image fallbacks.
> And do users expect the browser to remember these kind of permission
decisions across sessions (and how do we weigh that against not writing to
disk)?
No, I expect Tor Browser to forget everything when I restart or get a new
version.
Even better: when users allow canvas image extraction, does it actually
work?
I've seen sites where I've allowed image extraction, and they still fail.
Maybe this is because image extraction doesn't work in high security mode
even when allowed?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22396#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs