[tbb-bugs] #32714 [Applications/Tor Browser]: Investigate fingerprinting/fpi risks for Feature Policy

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Dec 10 19:09:09 UTC 2019


#32714: Investigate fingerprinting/fpi risks for Feature Policy
-------------------------------------+-------------------------------------
     Reporter:  gk                   |      Owner:  tbb-team
         Type:  task                 |     Status:  new
     Priority:  Medium               |  Milestone:
    Component:  Applications/Tor     |    Version:
  Browser                            |   Keywords:  ff78-esr, tbb-
     Severity:  Normal               |  fingerprinting
Actual Points:                       |  Parent ID:
       Points:                       |   Reviewer:
      Sponsor:                       |
-------------------------------------+-------------------------------------
 [https://developer.mozilla.org/sv-SE/docs/Web/HTTP/Feature_Policy Feature
 Policy] got implemented in
 [https://bugzilla.mozilla.org/show_bug.cgi?id=1390801 Firefox 64ff.]

 Feature Policy allows websites by different means (e.g. via the `Feature-
 Policy` header) to enable/disable plethora of features providing website
 owners a very fine-grained control over them. We should make sure that our
 first-party isolation and fingerprinting resistance is not impacted by
 that.

 This feature is only available on nightly by default as of Firefox 73 but
 that might change soon.

 It can be controlled by
 [https://bugzilla.mozilla.org/show_bug.cgi?id=1507230 two preferences],
 `dom.security.featurePolicy.header.enabled` and
 `dom.security.featurePolicy.webidl.enabled`.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32714>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list