[tbb-dev] TBB design doc updated for 4.0

[Georg Koppen]

Mike Perry:
> Hello all,
> 
> I've finally updated the design doc to cover TBB 4.0:
> https://www.torproject.org/projects/torbrowser/design/
> 
> In particular, the fingerprinting section saw substantial updates:
> https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability
> 
> I also added a build security section that could probably use more links
> and more details:
> https://www.torproject.org/projects/torbrowser/design/#BuildSecurity
> 
> Feedback welcome! Patches are even more welcomer! ;)

In chronological order:

1) s/InstantBird/Instantbird/

2) s/Because fingerprinting is problem/Because fingerprinting is a problem/

3) "Similarly, we prioritize issues that differentiate only MacOS,
Windows, and Linux lower"

Might be good to link to the OS type fingerprinting section here.
Otherwise one might be confused about what does that "Similarly" refer
to? That we do not believe OS fingerprinting is solvable (similar to
cross-browser fingerprinting)? If so, why are we just prioritizing it
lower than other things and don't give up on fixing these problems in
the first place? etc.

4) s/provide which provide coverage for the all/provide coverage for the/

5) Monitor and Desktop resolution/CSS Media Queries section

Talking only about Montor/Desktop resolution in one section is fine but
then the first paragraph should only contain those fingerprinting
vectors relevant to it (screen orientation and other desktop features
are not mentioned in the Design Goal/Implementation Status parts).

I think talking about a certain technique used for extracting
fingerprinting information (CSS Media Queries) is a bit cumbersome given
that there is no specific Javascript section but only sections about
different fingerprinting vectors (leaving the means of exploiting them
either opaque or mentioning Javascript/CSS). Moreover, screen
orientation does not fit there as it can get queried by Javascript as
well. Thus, instead of focusing on CSS as a technique a better approach
might be to point to the remaining vectors related to the screen like
its orientation, system colors exposed etc. and see this section as a
complement to the Monitor/Screen/Desktop resolution one.

6) The tlsdate link points to the Tor Browser design document
(s/linkend/url).

7) s/of the Operating System/of the operating system/

8) "We have no defenses deployed that address OS type fingerprinting,
but nothing else." <- not sure what you mean here

9) s/linkability bugs and enhancements, see the
tbb-fingerprinting/fingerprintability bugs and enhancements, see the
tbb-fingerprinting/

10) We clear site permissions as well on New Identity (see commit
2418d8693fc6bd4b4a18aeb14cf39fd9cb660cf8). Mentioning "DOM local
storage" and "DOM Storage" might be confusing. Maybe we should rename
the former to "Offline application cache" as these are different beasts.

11) s/For Mac OS, we use toolchain4/For Mac OS, we use crosstools-ng/

12) libfaketime we use in Tor Browser 4.0 has no spoofing issues anymore
wrt the fine-grained timestamps

13) There are more LXC related leaks worth mentioning, see #12237 and
child tickets

14) s/contains a sorted list the SHA-256/contains a sorted list of the
SHA-256/

Georg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20141104/8e7bd35a/attachment.sig>