[tbb-dev] FWD: privacy/security guidance docs for W3C groups

mikeperry at torproject.org mikeperry at torproject.org
Sat Mar 21 00:35:52 UTC 2015

Yan was kind enough to send this to me as a heads up. We both agreed
that the Security & Privacy questionnaire needs a Threat Model for Third
Party Tracking, so that it is easier to build a single option for
controlling third party tracking identifiers, like we did with our
'privacy.thirdparty.isolate' option.

She suggested that we should create an issue for this at
https://github.com/mikewest/spec-questionnaire/issues, describing how
Tor Browser deals with this threat model, and what we would like to see
in terms of how API designers should address it.

Are there any other issues or suggestions we should make there, in
either that document, or the fingerprinting guidance draft?

----- Forwarded message from Yan Zhu <yzhu at yahoo-inc.com> -----

Date: Thu, 19 Mar 2015 16:06:27 +0000 (UTC)
From: Yan Zhu <yzhu at yahoo-inc.com>
Subject: privacy/security guidance docs for W3C groups

Hi technologist-ish people, The W3C has been working on some privacy and
security guides for working groups to consider when writing new specs.
As you probably know, it has historically been easy for new
specifications to accidentally (or intentionally) introduce web tracking
methods and increase browser security surface. We are trying to take
steps towards preventing this by encouraging/forcing working groups to
do a security/privacy self-review of specs in the future.  I'd be
curious to hear your feedback on the following two guides if you have

* https://mikewest.github.io/spec-questionnaire/security-privacy/ - a
general collection of security/privacy questions that groups should
ask about new specs

* https://w3c.github.io/fingerprinting-guidance/ - a guide to mitigating
fingerprinting. I'm thinking the "Best Practices Section" could get
merged into the questionnaire above.


----- End forwarded message -----

Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20150320/18197457/attachment.sig>

More information about the tbb-dev mailing list