On 30 October 2014 00:10, Mike Perry mikeperry@torproject.org wrote:
Feedback welcome!
I found the following dead links to patches:
- DOM storage for third party domains MUST be isolated to the url bar origin, to prevent linkability between sites. This functionality is provided through a patch to Firefox.
- We disable SSL Session IDs via a patch to Firefox.
- Additionally, we limit both the number of font queries from CSS, as well as the total number of fonts that can be used in a document with a Firefox patch.
- Currently, we patch Firefox to randomize pipeline order and depth.
Also, decloak.net seems to be dead?
In "History records and other on-disk information" I think extracting unique identifiers about the user's hardware would be worth mentioning (seeing as it actually happened.) MAC address, hostname, etc.
I think a couple of other promising standards are FIDO, and the referrer policy in CSP 2.0 (http://www.w3.org/TR/CSP11/) but I understand if you don't want to try and read a whole bunch about them to figure out if you think they're promising or not.
-tom