[tbb-dev] Proposal for redesigning the security controls

Arthur D. Edelstein arthuredelstein at gmail.com
Thu Feb 8 22:09:28 UTC 2018

On Thu, Feb 8, 2018 at 12:48 PM Georg Koppen <gk at torproject.org> wrote:

> Wait, I've never said that FPI makes security *worse*. I was arguing
> against your point that we need FPI in NoScript because that *improves*
> security:
> """
> A current problem we have with NoScript is that it does not respect
> first-party isolation (FPI), which is both a *security* and privacy
> issue. (emphasis mine)
> """

Oh — I’m sorry — that’s my mistake to have mentioned security there. I’m
not sure now why I said that. I actually think FPI is neutral with respect
to security, but an important feature for privacy. Apologies.

> So, yes, I still think *security* decisions based on the URL bar domain
> do not give you the benefit you might intend. Or am I missing here a
> scenario where FPI indeed improves security as you claimed?

No, I think you’re right that there’s no improvement. But FPI doesn’t
necessarily imply security *decisions* based on URL bar domain. With
NoScript, I can decide to unblock a video from thirdparty.com, which is a
security decision based on my level of trust for that third-party domain,
and introducing FPI would merely ensure that decision won’t leak to other
first parties.

(Personally, I would guess it’s too difficult for users to make decisions
on specific third-party domains, and it’s more realistic for users to base
their trust on the first party, which is visible in the URL bar and should
be held responsible for third-party malware. But that is a UX/risk issue
separate from the FPI question.)
