[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Firefox privacy and Tor Browser

Thus spake andrew@xxxxxxxxxxxxxx (andrew@xxxxxxxxxxxxxx):

> On Sat, Mar 27, 2010 at 11:47:17AM -0430, mansourmoufid@xxxxxxxxx wrote 1.8K bytes in 40 lines about:
> : Firstly, about NoScript. You may wish to consider an extension named
> : RequestPolicy [1] instead. You may want to also want to consider
> : FlashBlock [2], since that is a popular attack vector.
> Thanks for your thoughts.  While I'm a big fan of request policy, it
> 'breaks' the web for 95% of the users out there.  The
> slightly-above-average web user still doesn't understand the web page
> they are viewing is composed of many domains all serving up different
> parts.  Having watched people use request policy for the first time,
> they end up temporarily enabling everything, because the defaults are
> still shocking to them.

Yes. See also my comments on the blog as to why I feel that NoScript
is a better solution than RequestPolicy even if usability wasn't a factor:

> : Secondly, about a specific behavior in Firefox itself, which I think
> : Tor developers should all be aware (or reminded) of. Firefox uses
> : Google's Safe Browsing API [3] to check visited websites against a
> : Google blacklist. There have been privacy issues brought up [4]. In
> : short, Firefox's use of this API could lead to Google (or anyone
> : listening to network traffic, since it was in the clear) being able to
> : track users via a unique hash communicated with Google servers and
> : persistent across sessions (including "Private Browsing"). Bart??omiej
> : has written extensively on the subject [5]. His attempts to patch this
> : privacy leak at the time were sabotaged by Google employees [6]. This
> : behavior is optional now in Firefox 3, but still on by default [7].
> : So, Tor Browser may want to consider having this "feature" off by
> : default?
> It is disabled, along with reported attack sites. It's disabled in
> prefs.js.  See
> https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/prefs.js

Note that it is not disabled by the normal Torbutton shipped with the
installable bundles. This is because it is expected that the common
use case there is that the user will be toggling in and out of Tor
fairly frequently, which clears both this Google cookie and the
SafeBrowsing API's HMAC key (which is itself an additional

Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpB0uunQofz3.pgp
Description: PGP signature