On 3/20/15 5:35 PM, mikeperry@torproject.org wrote:
Yan was kind enough to send this to me as a heads up. We both agreed that the Security & Privacy questionnaire needs a Threat Model for Third Party Tracking, so that it is easier to build a single option for controlling third party tracking identifiers, like we did with our 'privacy.thirdparty.isolate' option.
She suggested that we should create an issue for this at https://github.com/mikewest/spec-questionnaire/issues, describing how Tor Browser deals with this threat model, and what we would like to see in terms of how API designers should address it.
Are there any other issues or suggestions we should make there, in either that document, or the fingerprinting guidance draft?
FWIW, the W3C Technical Architecture group (of which I am a part) has taken over maintainance of this document. I migrated Mike's issue re: fingerprinting threat models to https://github.com/w3ctag/security-questionnaire/issues/7.
----- Forwarded message from Yan Zhu yzhu@yahoo-inc.com -----
Date: Thu, 19 Mar 2015 16:06:27 +0000 (UTC) From: Yan Zhu yzhu@yahoo-inc.com Subject: privacy/security guidance docs for W3C groups
Hi technologist-ish people, The W3C has been working on some privacy and security guides for working groups to consider when writing new specs. As you probably know, it has historically been easy for new specifications to accidentally (or intentionally) introduce web tracking methods and increase browser security surface. We are trying to take steps towards preventing this by encouraging/forcing working groups to do a security/privacy self-review of specs in the future. I'd be curious to hear your feedback on the following two guides if you have any:
general collection of security/privacy questions that groups should ask about new specs
- https://w3c.github.io/fingerprinting-guidance/ - a guide to mitigating
fingerprinting. I'm thinking the "Best Practices Section" could get merged into the questionnaire above.
Thanks,Yan
----- End forwarded message -----
tbb-dev mailing list tbb-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev