Firefox privacy and Tor Browser

Mike Perry mikeperry at fscked.org
Sun Mar 28 02:30:47 UTC 2010 

Thus spake andrew at torproject.org (andrew at torproject.org):

> On Sat, Mar 27, 2010 at 11:47:17AM -0430, mansourmoufid at gmail.com wrote 1.8K bytes in 40 lines about:
> : Firstly, about NoScript. You may wish to consider an extension named
> : RequestPolicy [1] instead. You may want to also want to consider
> : FlashBlock [2], since that is a popular attack vector.
> 
> Thanks for your thoughts.  While I'm a big fan of request policy, it
> 'breaks' the web for 95% of the users out there.  The
> slightly-above-average web user still doesn't understand the web page
> they are viewing is composed of many domains all serving up different
> parts.  Having watched people use request policy for the first time,
> they end up temporarily enabling everything, because the defaults are
> still shocking to them.

Yes. See also my comments on the blog as to why I feel that NoScript
is a better solution than RequestPolicy even if usability wasn't a factor:
https://blog.torproject.org/blog/tor-browser-bundle-gnulinux#comment-4844

> : Secondly, about a specific behavior in Firefox itself, which I think
> : Tor developers should all be aware (or reminded) of. Firefox uses
> : Google's Safe Browsing API [3] to check visited websites against a
> : Google blacklist. There have been privacy issues brought up [4]. In
> : short, Firefox's use of this API could lead to Google (or anyone
> : listening to network traffic, since it was in the clear) being able to
> : track users via a unique hash communicated with Google servers and
> : persistent across sessions (including "Private Browsing"). Bart??omiej
> : has written extensively on the subject [5]. His attempts to patch this
> : privacy leak at the time were sabotaged by Google employees [6]. This
> : behavior is optional now in Firefox 3, but still on by default [7].
> : So, Tor Browser may want to consider having this "feature" off by
> : default?
> 
> It is disabled, along with reported attack sites. It's disabled in
> prefs.js.  See
> https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/prefs.js

Note that it is not disabled by the normal Torbutton shipped with the
installable bundles. This is because it is expected that the common
use case there is that the user will be toggling in and out of Tor
fairly frequently, which clears both this Google cookie and the
SafeBrowsing API's HMAC key (which is itself an additional
identifier).

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20100327/6e3337c9/attachment.pgp>

More information about the tor-dev mailing list