[tor-bugs] #25559 [Applications/Tor Browser]: Miscellaneous security- and privacy-related prefs for Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Mar 20 20:04:30 UTC 2018

#25559: Miscellaneous security- and privacy-related prefs for Tor Browser
     Reporter:  arthuredelstein           |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  tbb-security,
                                          |  ff60-esr
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
 JKT has been working on some prefs he suggested we might consider:
 * Security.mixed_content.upgrade_display_content
   * Upgrades passive mixed content to HTTPS transparently
 * Network.ftp.enabled
   * disable FTP
 * security.insecure_connection_icon.enabled and
 * security.insecure_connection_text.enabled and
   * Both of these mark HTTP connections as insecure. One with a broken
 lock icon, the other with text saying ‘Not Secure’
 * Insecure flash content:
   * security.mixed_content.block_object_subrequest
 * Sensors:
   * device.sensors.*.enabled (motion, proximity, ambientLight and
 orientation) && the Event constructors are now also included in
   * `device.sensors.enabled` set to False in RF
 * dom.registerProtocolHandler.insecure.enabled
 * browser.cache.offline.insecure.enable
 * dom.registerContentHandler.enabled

 Others being pondered:
 * Http-disabled
   * I believe this is to block all HTTP connections.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25559>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list