[tbb-dev] TBB design doc updated for 4.0

Georg Koppen gk at torproject.org
Fri Nov 7 13:39:42 UTC 2014

Mike Perry:
> Georg Koppen:
>> Mike Perry:
>>> Hello all,
>>> I've finally updated the design doc to cover TBB 4.0:
>>> https://www.torproject.org/projects/torbrowser/design/
>>> In particular, the fingerprinting section saw substantial updates:
>>> https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability
>>> I also added a build security section that could probably use more links
>>> and more details:
>>> https://www.torproject.org/projects/torbrowser/design/#BuildSecurity
>>> Feedback welcome! Patches are even more welcomer! ;)
>> Ok. After thinking about it a bit more, here is additional feedback:
>> 15) In 4.6.10 we might want to mention our #13027 backport.
> I believe I've fixed all of Tom's and your comments in the latest update
> (and also added 4.5-alpha-1 material too), except for this one. I think
> it is a distracting implementation detail, especially since Mozilla has
> already committed the fix for future versions. Other browsers are
> unlikely to hit this same bug, and may also have different bugs related
> to directly JS-exposed OS and arch info.

Good points. Nits after looking at your recent changes:

1) s/is likely to more fingerprintable/is likely to be more fingerprintable/

2) s/If WebGL is normalized/If WebGL were normalized/ <- still irrealis
as the other things you mention, no? :)

3) s/poverage for the all languages/coverage for all the languages/

4) We disable "gfx.font_rendering.opentype_svg.enabled" on the low level
of the security slider.

5) s/disable Javascript entirely all elements/disable Javascript
entirely for all elements/

6 s/pyc timestamps had to be address/pyc timestamps had to be addressed/

Looks good! (Good hint at CSP 2.0 for the Referer)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20141107/ecf4ce39/attachment.sig>

More information about the tbb-dev mailing list