[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #22981 [Applications/Tor Browser]: Don't block audio/video on https sites under Medium Security

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #22981 [Applications/Tor Browser]: Don't block audio/video on https sites under Medium Security
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 18 Apr 2018 19:40:46 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 18 Apr 2018 15:41:03 -0400
In-reply-to: <055.704d928ecc39cc66558e9b37aed242a0@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <055.704d928ecc39cc66558e9b37aed242a0@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#22981: Don't block audio/video on https sites under Medium Security
-------------------------------------------------+-------------------------
 Reporter:  arthuredelstein                      |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-usability, tbb-security-slider,  |  Actual Points:
  ux-team                                        |
Parent ID:  #23150                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by arthuredelstein):

 To explain a little more, the idea here is to essentially make the
 security settings for HTTP and HTTPS independent. That results in three
 security levels:

 Low: HTTP unprotected, HTTPS unprotected
 Medium: HTTP protected, HTTPS unprotected
 High: HTTP protected, HTTPS protected

 This has usability benefits because it simplifies user's understanding of
 what protections are at each level. And on Medium Security, the usability
 has improved while still protecting against hostile injections on HTTP
 sites.

 It also has fingerprinting benefits by making Medium and High Security
 look the same on HTTP sites and Low and Medium look the same on HTTPS
 sites.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22981#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #25511 [Core Tor/Tor]: Expose TZ info on control port for better debugging of time errors
Next by Author: Re: [tor-bugs] #25208 [Core Tor/Tor]: Relays can upload a new descriptor every 2 minutes
Previous by thread: Re: [tor-bugs] #25843 [Core Tor/Tor]: Make NumEntryGuards consistent with #271 consensus params
Next by thread: Re: [tor-bugs] #22981 [Applications/Tor Browser]: Don't block audio/video on https sites under Medium Security
Index(es):
- Author
- Thread