Thus spake Robert Ransom (rransom.8774@gmail.com):
> On Thu, 23 Jun 2011 11:19:45 -0700 Mike Perry mikeperry@fscked.org wrote:
> > So perhaps Torbutton controlled per-tab proxy username+password is the best option? Oh man am I dreading doing that... (The demons laugh again.)
> If you do this, you will need to give the user some indication of each tab's "compartment", and some way to move tabs between compartments.
> Coloring each tab to indicate its compartment may fail for anomalous trichromats like me and *will* fail for more thoroughly colorblind users. Putting a number or symbol in each tab will confuse most users.
> I suggest one compartment per browser window. (Of course, you can and should leave more detailed hooks in the browser's source if possible, in case someone wants to experiment with a different scheme.)
As soon as I sent the previous email, I wanted to edit it to change "per-tab" to something else. I think any kind of per-tab and per-window isolation does not correspond to how people have been trained to use their existing browsers.
In fact, I think we should also treat this linkability just like the window.name and referer. So, how about we set the Proposal 171 SOCKS username to a function of the hostname in the referer header (possibly caching the first referer for subsequent link navigation). If the referer is blank, use the request URL hostname. This policy should effectively give us the top-level origin isolation we want for other identifiers.
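
The referer-keyed policy proposed in the last paragraph, sketched as an added example that is not part of the original message and is not Torbutton code. The names `SocksIsolationPolicy`, `usernameFor`, `hostnameOf` and `contextId` are hypothetical, and two points are assumptions: the "function of the hostname" is taken to be the hostname itself, and "caching the first referer" is read as remembering it per browsing context until a blank-referer load occurs.

```javascript
// Added illustration; every name here is hypothetical, not Torbutton's API.

// Hostname of a URL string, lowercased; null if blank or unparsable.
function hostnameOf(url) {
  if (!url) return null;
  try {
    const h = new URL(url).hostname.toLowerCase();
    return h || null;
  } catch (e) {
    return null;
  }
}

class SocksIsolationPolicy {
  constructor() {
    // contextId -> first referer hostname seen in that browsing context
    this.firstReferer = new Map();
  }

  // SOCKS username (Proposal 171 isolation key) for one request.
  usernameFor(contextId, requestUrl, referer) {
    const refHost = hostnameOf(referer);
    if (refHost === null) {
      // Blank referer: key on the request URL hostname and drop the
      // cached referer (assumption: this marks a fresh top-level load).
      // Requests whose referer was stripped are also keyed on their own host.
      this.firstReferer.delete(contextId);
      return hostnameOf(requestUrl);
    }
    if (!this.firstReferer.has(contextId)) {
      this.firstReferer.set(contextId, refHost);
    }
    // Later link navigations in this context keep the first referer's key.
    return this.firstReferer.get(contextId);
  }
}

// Constructed sample: the same third-party resource requested from two
// contexts gets two different usernames, hence two different circuits.
const demo = new SocksIsolationPolicy();
demo.usernameFor("ctx-a", "https://news.example/", "");
console.log(demo.usernameFor("ctx-a", "https://cdn.tracker.example/p.gif",
                             "https://news.example/story"));   // news.example
console.log(demo.usernameFor("ctx-b", "https://cdn.tracker.example/p.gif",
                             "https://shop.example/item"));    // shop.example
```
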