[tor-bugs] #27059 [- Select a component]: Use sane about:config values

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Aug 8 11:24:12 UTC 2018


#27059: Use sane about:config values
----------------------------------+------------------------
 Reporter:  floweb                |          Owner:  (none)
     Type:  enhancement           |         Status:  new
 Priority:  High                  |      Milestone:
Component:  - Select a component  |        Version:
 Severity:  Normal                |     Resolution:
 Keywords:                        |  Actual Points:
Parent ID:                        |         Points:
 Reviewer:                        |        Sponsor:
----------------------------------+------------------------

Comment (by ProTipGuyFWIWWeLoveARMA):

 lol trying to keep up with the TB folks ;-* looks like you just took them
 from privacytools.io, but anyway

 Just to address some:

 Read https://www.torproject.org/projects/torbrowser/design/

 `webgl.disabled = true`

 Quote from the Tor Browser Design Document [DRAFT]:

 {{{
 WebGL

 WebGL is fingerprintable both through information that is exposed about
 the underlying driver and optimizations, as well as through performance
 fingerprinting.

 Because of the large amount of potential fingerprinting vectors and the
 previously unexposed vulnerability surface, we deploy a similar strategy
 against WebGL as for plugins. First, WebGL Canvases have click-to-play
 placeholders (provided by NoScript), and do not run until authorized by
 the user. Second, we obfuscate driver information by setting the Firefox
 preferences webgl.disable-extensions, webgl.min_capability_mode, and webgl
 .disable-fail-if-major-performance-caveat to true which reduces the
 information provided by the following WebGL API calls: getParameter(),
 getSupportedExtensions(), and getExtension(). Furthermore, WebGL2 is
 disabled by setting webgl.enable-webgl2 to false. To make the minimal
 WebGL mode usable we additionally normalize its properties with a Firefox
 patch.

 Another option for WebGL might be to use software-only rendering, using a
 library such as Mesa. The use of such a library would avoid hardware-
 specific rendering differences.
 }}}

 `network.IDN_show_punycode = true`

 That's the default Firefox value.

 `extensions.pocket.enabled = false`

 Firefox Pocket is non-existent in the Tor Browser.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27059#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list