[tbb-dev] TBB design doc updated for 4.0

Tom Ritter tom at ritter.vg
Mon Nov 3 04:27:24 UTC 2014

On 30 October 2014 00:10, Mike Perry <mikeperry at torproject.org> wrote:
> Feedback welcome!

I found the following dead links to patches:
 - DOM storage for third party domains MUST be isolated to the url bar
origin, to prevent linkability between sites. This functionality is
provided through a patch to Firefox.
 - We disable SSL Session IDs via a patch to Firefox.
 - Additionally, we limit both the number of font queries from CSS, as
well as the total number of fonts that can be used in a document with
a Firefox patch.
 - Currently, we patch Firefox to randomize pipeline order and depth.

Also, decloak.net seems to be dead?

In "History records and other on-disk information" I think extracting
unique identifiers about the user's hardware would be worth mentioning
(seeing as it actually happened.)  MAC address, hostname, etc.

I think a couple of other promising standards are FIDO, and the
referrer policy in CSP 2.0 (http://www.w3.org/TR/CSP11/) but I
understand if you don't want to try and read a whole bunch about them
to figure out if you think they're promising or not.


More information about the tbb-dev mailing list