[tor-bugs] #3100 [TorBrowserButton]: Reduce security prefs into a few groups
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sat Sep 8 19:01:55 UTC 2012
#3100: Reduce security prefs into a few groups
------------------------------------------+---------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: new
Priority: major | Milestone: TorBrowserBundle 2.3.x-stable
Component: TorBrowserButton | Version:
Keywords: tbb-disk-leak, tbb-usability | Parent:
Points: | Actualpoints:
------------------------------------------+---------------------------------
Old description:
> We should reduce the number of preferences into levels of security rather
> than the myriad of individual behavior controls we have now.
>
> Reducing the number of options can reduce the ability of users to
> fragment themselves into different anonymity sets through fingerprinting.
>
> Our translators will hate us for a while, but there will be less words to
> translate total.
>
> I want to get the set down to the following four options:
>
> - Record Browsing History on Disk
> - Record Tor Cookies on Disk
>
> - Block Plugins
> - Resist Fingerprinting
>
> I don't think we need much else. The rest of the options will remain
> buried in about:config.
>
> The last two should also be removed once we get a better per-site Privacy
> UI (see #5273 and the UI mockup in
> https://www.torproject.org/projects/torbrowser/design/#identifier-
> linkability)
New description:
We should reduce the number of preferences into levels of security rather
than the myriad of individual behavior controls we have now.
Reducing the number of options can reduce the ability of users to fragment
themselves into different anonymity sets through fingerprinting.
Our translators will hate us for a while, but there will be less words to
translate total.
I want to get the set down to the following options:
- Record Browsing History on Disk
- Record Tor Cookies on Disk
- Defend against Third Party Tracking
- Resist Fingerprinting
- Block Plugins
Those last two might be better as per-site options.
I don't think we need much else. The rest of the options will remain
buried in about:config.
The last two should also be removed once we get a better per-site Privacy
UI (see #5273 and the UI mockup in
https://www.torproject.org/projects/torbrowser/design/#identifier-
linkability)
--
Comment(by mikeperry):
I think "Defend against third party tracking" probably should be its own
option, since the way we do it now involves disabling stuff like DOM
Storage and third party cookies, which may actually break more than the
ideal solution would.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3100#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list