[tbb-dev] TBB design doc updated for 4.0
Tom Ritter
tom at ritter.vg
Mon Nov 3 04:27:24 UTC 2014
On 30 October 2014 00:10, Mike Perry <mikeperry at torproject.org> wrote:
> Feedback welcome!

I found the following dead links to patches:

- DOM storage for third party domains MUST be isolated to the url bar
origin, to prevent linkability between sites. This functionality is
provided through a patch to Firefox.
- We disable SSL Session IDs via a patch to Firefox.
- Additionally, we limit both the number of font queries from CSS, as
well as the total number of fonts that can be used in a document with
a Firefox patch.
- Currently, we patch Firefox to randomize pipeline order and depth.

Also, decloak.net seems to be dead?

In "History records and other on-disk information" I think extracting
unique identifiers about the user's hardware would be worth mentioning
(seeing as it actually happened.) MAC address, hostname, etc.

I think a couple of other promising standards are FIDO, and the
referrer policy in CSP 2.0 (http://www.w3.org/TR/CSP11/) but I
understand if you don't want to try and read a whole bunch about them
to figure out if you think they're promising or not.

-tom