[tor-bugs] #3100 [TorBrowserButton]: Reduce security prefs into a few groups

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu Jul 19 20:22:01 UTC 2012 

#3100: Reduce security prefs into a few groups
------------------------------------------+---------------------------------
 Reporter:  mikeperry                     |          Owner:  mikeperry                    
     Type:  defect                        |         Status:  new                          
 Priority:  major                         |      Milestone:  TorBrowserBundle 2.3.x-stable
Component:  TorBrowserButton              |        Version:                               
 Keywords:  tbb-disk-leak, tbb-usability  |         Parent:                               
   Points:                                |   Actualpoints:                               
------------------------------------------+---------------------------------
Changes (by mikeperry):

  * keywords:  tbb-disk-leak => tbb-disk-leak, tbb-usability


Old description:

> We should reduce the number of preferences into levels of security rather
> than the myriad of individual behavior controls we have now.
>
> Reducing the number of options can reduce the ability of users to
> fragment themselves into different anonymity sets through fingerprinting.
>
> Our translators will hate us for a while, but there will be less words to
> translate total.
>
> I want to get the set down to the following four options:
>
>  - Block Plugins
>  - Resist Fingerprinting
>  - Record Browsing History on Disk
>  - Record Tor Cookies on Disk
>
> I don't think we need much else. The rest of the options will remain
> buried in about:config.
>
> FYI: We need to disable "Permanent Private Browsing Mode" to allow us to
> record history again.

New description:

 We should reduce the number of preferences into levels of security rather
 than the myriad of individual behavior controls we have now.

 Reducing the number of options can reduce the ability of users to fragment
 themselves into different anonymity sets through fingerprinting.

 Our translators will hate us for a while, but there will be less words to
 translate total.

 I want to get the set down to the following four options:

  - Record Browsing History on Disk
  - Record Tor Cookies on Disk

  - Block Plugins
  - Resist Fingerprinting

 I don't think we need much else. The rest of the options will remain
 buried in about:config.

 The last two should also be removed once we get a better per-site Privacy
 UI (see #5273 and the UI mockup in
 https://www.torproject.org/projects/torbrowser/design/#identifier-
 linkability)

--

Comment:

 Block plugins and resist fingerprinting should not be a global choices
 long-term. See #5273 and the updated design doc.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3100#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list