[tor-bugs] #32714 [Applications/Tor Browser]: Investigate fingerprinting/fpi risks for Feature Policy
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Dec 10 19:09:09 UTC 2019
#32714: Investigate fingerprinting/fpi risks for Feature Policy
-------------------------------------+-------------------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor | Version:
Browser | Keywords: ff78-esr, tbb-
Severity: Normal | fingerprinting
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------+-------------------------------------
[https://developer.mozilla.org/sv-SE/docs/Web/HTTP/Feature_Policy Feature
Policy] got implemented in
[https://bugzilla.mozilla.org/show_bug.cgi?id=1390801 Firefox 64ff.]
Feature Policy allows websites by different means (e.g. via the `Feature-
Policy` header) to enable/disable plethora of features providing website
owners a very fine-grained control over them. We should make sure that our
first-party isolation and fingerprinting resistance is not impacted by
that.
This feature is only available on nightly by default as of Firefox 73 but
that might change soon.
It can be controlled by
[https://bugzilla.mozilla.org/show_bug.cgi?id=1507230 two preferences],
`dom.security.featurePolicy.header.enabled` and
`dom.security.featurePolicy.webidl.enabled`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32714>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list