[tbb-dev] FWD: privacy/security guidance docs for W3C groups

yan yan at torproject.org
Mon May 11 20:39:23 UTC 2015

On 3/20/15 5:35 PM, mikeperry at torproject.org wrote:
> Yan was kind enough to send this to me as a heads up. We both agreed
> that the Security & Privacy questionnaire needs a Threat Model for Third
> Party Tracking, so that it is easier to build a single option for
> controlling third party tracking identifiers, like we did with our
> 'privacy.thirdparty.isolate' option.
> She suggested that we should create an issue for this at
> https://github.com/mikewest/spec-questionnaire/issues, describing how
> Tor Browser deals with this threat model, and what we would like to see
> in terms of how API designers should address it.
> Are there any other issues or suggestions we should make there, in
> either that document, or the fingerprinting guidance draft?

FWIW, the W3C Technical Architecture group (of which I am a part) has 
taken over maintainance of this document. I migrated Mike's issue re: 
fingerprinting threat models to 

> ----- Forwarded message from Yan Zhu <yzhu at yahoo-inc.com> -----
> Date: Thu, 19 Mar 2015 16:06:27 +0000 (UTC)
> From: Yan Zhu <yzhu at yahoo-inc.com>
> Subject: privacy/security guidance docs for W3C groups
> Hi technologist-ish people, The W3C has been working on some privacy and
> security guides for working groups to consider when writing new specs.
> As you probably know, it has historically been easy for new
> specifications to accidentally (or intentionally) introduce web tracking
> methods and increase browser security surface. We are trying to take
> steps towards preventing this by encouraging/forcing working groups to
> do a security/privacy self-review of specs in the future.  I'd be
> curious to hear your feedback on the following two guides if you have
> any:
> * https://mikewest.github.io/spec-questionnaire/security-privacy/ - a
> general collection of security/privacy questions that groups should
> ask about new specs
> * https://w3c.github.io/fingerprinting-guidance/ - a guide to mitigating
> fingerprinting. I'm thinking the "Best Practices Section" could get
> merged into the questionnaire above.
> Thanks,Yan
> ----- End forwarded message -----
> _______________________________________________
> tbb-dev mailing list
> tbb-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev

More information about the tbb-dev mailing list