[tor-commits] [tor-browser-spec/master] Full spell check.

mikeperry at torproject.org mikeperry at torproject.org
Wed May 6 00:40:51 UTC 2015


commit 593110b026b1e6c823d1cf96af73aa2d87abb900
Author: Mike Perry <mikeperry-git at torproject.org>
Date:   Tue May 5 17:38:22 2015 -0700

    Full spell check.
---
 design-doc/design.xml |   72 ++++++++++++++++++++++++-------------------------
 1 file changed, 36 insertions(+), 36 deletions(-)

diff --git a/design-doc/design.xml b/design-doc/design.xml
index 96a232b..5765a51 100644
--- a/design-doc/design.xml
+++ b/design-doc/design.xml
@@ -23,7 +23,7 @@
      <address><email>sjmurdoch#torproject org</email></address>
     </affiliation>
    </author>
-   <pubdate>April 30th, 2015</pubdate>
+   <pubdate>May 5th, 2015</pubdate>
  </articleinfo>
 
 <sect1>
@@ -241,9 +241,9 @@ to prefer one browser over another.
 
 For the purposes of the unlinkability requirements of this section as well as
 the descriptions in the <link linkend="Implementation">implementation
-section</link>, a <command>url bar origin</command> means at least the
+section</link>, a <command>URL bar origin</command> means at least the
 second-level DNS name.  For example, for mail.google.com, the origin would be
-google.com. Implementations MAY, at their option, restrict the url bar origin
+google.com. Implementations MAY, at their option, restrict the URL bar origin
 to be the entire fully qualified domain name.
 
    </para>
@@ -253,8 +253,8 @@ to be the entire fully qualified domain name.
 Identifier Unlinkability</command></link> 
   <para>
 
-User activity on one url bar origin MUST NOT be linkable to their activity in
-any other url bar origin by any third party automatically or without user
+User activity on one URL bar origin MUST NOT be linkable to their activity in
+any other URL bar origin by any third party automatically or without user
 interaction or approval. This requirement specifically applies to linkability
 from stored browser identifiers, authentication tokens, and shared state. The
 requirement does not apply to linkable information the user manually submits
@@ -268,8 +268,8 @@ login in a substantial way.
 Fingerprinting Unlinkability</command></link> 
   <para>
 
-User activity on one url bar origin MUST NOT be linkable to their activity in
-any other url bar origin by any third party. This property specifically applies to
+User activity on one URL bar origin MUST NOT be linkable to their activity in
+any other URL bar origin by any third party. This property specifically applies to
 linkability from fingerprinting browser behavior.
 
   </para>
@@ -345,7 +345,7 @@ Therefore, if plugins are to be enabled in private browsing modes, they must
 be restricted from running automatically on every page (via click-to-play
 placeholders), and/or be sandboxed to restrict the types of system calls they
 can execute. If the user agent allows the user to craft an exemption to allow
-a plugin to be used automatically, it must only apply to the top level url bar
+a plugin to be used automatically, it must only apply to the top level URL bar
 domain, and not to all sites, to reduce cross-origin fingerprinting
 linkability.
 
@@ -367,10 +367,10 @@ system-wide and/or operating system provided addons or plugins.
 Instead of global browser privacy options, privacy decisions should be made
 <ulink
 url="https://wiki.mozilla.org/Privacy/Features/Site-based_data_management_UI">per
-url bar origin</ulink> to eliminate the possibility of linkability
+URL bar origin</ulink> to eliminate the possibility of linkability
 between domains. For example, when a plugin object (or a Javascript access of
 window.plugins) is present in a page, the user should be given the choice of
-allowing that plugin object for that url bar origin only. The same
+allowing that plugin object for that URL bar origin only. The same
 goes for exemptions to third party cookie policy, geolocation, and any other
 privacy permissions.
      </para>
@@ -397,7 +397,7 @@ third parties, rather than a list of specific URLs or hosts.
      <para>
 Filter-based addons can also introduce strange breakage and cause usability
 nightmares, and will also fail to do their job if an adversary simply
-registers a new domain or creates a new url path. Worse still, the unique
+registers a new domain or creates a new URL path. Worse still, the unique
 filter sets that each user creates or installs will provide a wealth of
 fingerprinting targets.
       </para>
@@ -534,7 +534,7 @@ In some cases, the adversary may opt for a heavy-handed approach, such as
 seizing the computers of all Tor users in an area (especially after narrowing
 the field by the above two pieces of information). History records and cache
 data are the primary goals here. Secondary goals may include confirming
-on-disk identifiers (such as hostname and disk-logged spoofed MAC adddress
+on-disk identifiers (such as hostname and disk-logged spoofed MAC address
 history) obtained by other means.
 
      </para>
@@ -699,7 +699,7 @@ AdBlock and other privacy filters can be used to fingerprint request patterns
 
 Javascript can reveal a lot of fingerprinting information. It provides DOM
 objects such as window.screen and window.navigator to extract information
-about the useragent. 
+about the user agent. 
 
 Also, Javascript can be used to query the user's timezone via the
 <function>Date()</function> object, <ulink
@@ -931,7 +931,7 @@ activity in the source tree that did not use the browser proxy settings.
 
 We have verified that these settings and patches properly proxy HTTPS, OCSP,
 HTTP, FTP, gopher (now defunct), DNS, SafeBrowsing Queries, all JavaScript
-activity, including HTML5 audio and video objects, addon updates, wifi
+activity, including HTML5 audio and video objects, addon updates, WiFi
 geolocation queries, searchbox queries, XPCOM addon HTTPS/HTTP activity,
 WebSockets, and live bookmark updates. We have also verified that IPv6
 connections are not attempted, through the proxy or otherwise (Tor does not
@@ -1126,10 +1126,10 @@ referred to as "double-keying".
 
 The benefit of this approach comes not only in the form of reduced
 linkability, but also in terms of simplified privacy UI. If all stored browser
-state and permissions become associated with the url bar origin, the six or
+state and permissions become associated with the URL bar origin, the six or
 seven different pieces of privacy UI governing these identifiers and
 permissions can become just one piece of UI. For instance, a window that lists
-the url bar origin for which browser state exists, possibly with a
+the URL bar origin for which browser state exists, possibly with a
 context-menu option to drill down into specific types of state or permissions.
 An example of this simplification can be seen in Figure 1.
 
@@ -1144,7 +1144,7 @@ An example of this simplification can be seen in Figure 1.
 
 This example UI is a mock-up of how isolating identifiers to the URL bar
 origin can simplify the privacy UI for all data - not just cookies. Once
-browser identifiers and site permissions operate on a url bar basis, the same
+browser identifiers and site permissions operate on a URL bar basis, the same
 privacy window can represent browsing history, DOM Storage, HTTP Auth, search
 form history, login values, and so on within a context menu for each site.
 
@@ -1167,11 +1167,11 @@ date:
     <listitem><command>Cookies</command>
      <para><command>Design Goal:</command>
 
-All cookies MUST be double-keyed to the url bar origin and third-party
+All cookies MUST be double-keyed to the URL bar origin and third-party
 origin. There exists a <ulink
 url="https://bugzilla.mozilla.org/show_bug.cgi?id=565965">Mozilla bug</ulink>
 that contains a prototype patch, but it lacks UI, and does not apply to modern
-Firefoxes.
+Firefox versions.
 
      </para>
      <para><command>Implementation Status:</command>
@@ -1203,7 +1203,7 @@ property prepended, which will list the FQDN that was used to source it.
 Additionally, because the image cache is a separate entity from the content
 cache, we had to patch Firefox to also <ulink
 url="https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-31.6.0esr-4.5-1&id=d8b98a75fb200268c40886d876adc19e00b933bf">isolate
-this cache per url bar domain</ulink>.
+this cache per URL bar domain</ulink>.
 
      </para>
     </listitem>
@@ -1222,7 +1222,7 @@ to nsHTTPChannel</ulink>.
     <listitem><command>DOM Storage</command>
      <para>
 
-DOM storage for third party domains MUST be isolated to the url bar origin,
+DOM storage for third party domains MUST be isolated to the URL bar origin,
 to prevent linkability between sites. This functionality is provided through a
 <ulink
 url="https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-browser-31.6.0esr-4.5-1&id=97490c4a90ca1c43374486d9ec0c5593d5fe5720">patch
@@ -1252,7 +1252,7 @@ file on Windows, so Flash remains difficult to enable.
     <listitem><command>SSL+TLS session resumption</command>
      <para><command>Design Goal:</command>
 
-TLS session resumption tickets and SSL Session IDs MUST be limited to the url
+TLS session resumption tickets and SSL Session IDs MUST be limited to the URL
 bar origin.
 
      </para>
@@ -1355,8 +1355,8 @@ To prevent attacks aimed at subverting the Cross-Origin Identifier
 Unlinkability <link linkend="privacy">privacy requirement</link>, the browser
 MUST NOT store any identifiers (cookies, cache, DOM storage, HTTP auth, etc)
 for cross-origin redirect intermediaries that do not prompt for user input.
-For example, if a user clicks on a bit.ly url that redirects to a
-doubleclick.net url that finally redirects to a cnn.com url, only cookies from
+For example, if a user clicks on a bit.ly URL that redirects to a
+doubleclick.net URL that finally redirects to a cnn.com URL, only cookies from
 cnn.com should be retained after the redirect chain completes.
 
     </para>
@@ -1393,7 +1393,7 @@ that utilize this property to function, we reset the window.name property of
 tabs in Torbutton every time we encounter a blank Referer. This behavior
 allows window.name to persist for the duration of a click-driven navigation
 session, but as soon as the user enters a new URL or navigates between
-https/http schemes, the property is cleared.
+HTTPS/HTTP schemes, the property is cleared.
 
      </para>
     </listitem>
@@ -1425,7 +1425,7 @@ cookies based on stored HSTS state.
 
 There appears to be three options for us: 1. Disable HSTS entirely, and rely
 instead on HTTPS-Everywhere to crawl and ship rules for HSTS sites. 2.
-Restrict the number of HSTS-enabled third parties allowed per url bar origin.
+Restrict the number of HSTS-enabled third parties allowed per URL bar origin.
 3. Prevent third parties from storing HSTS rules. We have not yet decided upon
 the best approach.
 
@@ -1607,7 +1607,7 @@ method is instead relying on API behavior.
 
 In cases where simple spoofing is not enough to properly conceal underlying
 device characteristics or operating system details, the underlying
-susbsystem that provides the functionality for a feature or API may need
+subsystem that provides the functionality for a feature or API may need
 to be completely reimplemented. This is most common in cases where
 customizable or version-specific aspects of the user's operating system are
 visible through the browser's featureset or APIs, usually because the browser
@@ -1625,7 +1625,7 @@ Virtualization is needed when simply reimplementing a feature in a different
 way is insufficient to fully conceal the underlying behavior. This is most
 common in instances of device and hardware fingerprinting, but since the
 notion of time can also be virtualized, it also can apply to any instance
-where an accurate measure of wallclock time is required for a fingerprinting
+where an accurate measure of wall clock time is required for a fingerprinting
 vector to attain high accuracy.
 
    </para>
@@ -1635,7 +1635,7 @@ vector to attain high accuracy.
 
 In the event that virtualization is too expensive in terms of performance or
 engineering effort, and the relative expected usage of a feature is rare, site
-permissions can be used to prevent the usage of a feature execpt in cases
+permissions can be used to prevent the usage of a feature except in cases
 where the user actually wishes to use it. Unfortunately, this mechanism
 becomes less effective once a feature becomes widely overused and abused by
 many websites, as warning fatigue quickly sets in for most users.
@@ -1645,7 +1645,7 @@ many websites, as warning fatigue quickly sets in for most users.
   <listitem><command>Feature/Functionality Removal</command>
    <para>
 
-When extremely invasive features serve only a narrow domain or usecase, or
+When extremely invasive features serve only a narrow domain or use case, or
 there are alternate ways of accomplishing the same task, features and/or
 certain aspects of their functionality may be simply removed.
 
@@ -1721,7 +1721,7 @@ sense of security. When a fingerprinting attempt makes naive use of randomized
 information, a fingerprint will appear unstable, but may not actually be
 sufficiently randomized to prevent a dedicated adversary.  Sophisticated
 fingerprinting mechanisms may either ignore randomized information, or
-incorportate knowledge of the distribution and range of randomized values into
+incorporate knowledge of the distribution and range of randomized values into
 the creation of a more stable fingerprint (by either removing the randomness,
 modeling it, or averaging it).
 
@@ -1916,7 +1916,7 @@ We simply disable it via the pref <command>dom.gamepad.enabled</command>.
      <para>
 
 According to the Panopticlick study, fonts provide the most linkability when
-they are provided as an enumerable list in filesystem order, via either the
+they are provided as an enumerable list in file system order, via either the
 Flash or Java plugins. However, it is still possible to use CSS and/or
 Javascript to query for the existence of specific fonts. With a large enough
 pre-built list to query, a large amount of fingerprintable information may
@@ -1936,7 +1936,7 @@ and <ulink url="https://fedorahosted.org/lohit/">Lohit fonts</ulink>. The Droid
 font set is fairly complete by itself, but Nanum and Lohit have smaller
 versions of many South Asian languages. When combined in a way that chooses the
 smallest font implementations for each locale, these three font sets provide
-poverage for the all languages used on Wikipedia with more than
+coverage for the all languages used on Wikipedia with more than
 10,000 articles, and several others as well, in approximately 3MB of compressed
 overhead. The <ulink url="https://www.google.com/get/noto/">Noto font
 set</ulink> is another font set that aims for complete coverage, but is
@@ -2461,7 +2461,7 @@ encrypted website activity.
 We want to deploy a mechanism that reduces the accuracy of <ulink
 url="https://en.wikipedia.org/wiki/Feature_selection">useful features</ulink> available
 for classification. This mechanism would either impact the true and false
-positive accuracy rates, <emphasis>or</emphasis> reduce the number of webpages
+positive accuracy rates, <emphasis>or</emphasis> reduce the number of web pages
 that could be classified at a given accuracy rate.
 
      </para>
@@ -2655,7 +2655,7 @@ address the following additional sources of non-determinism:
 The most prevalent source of non-determinism in the components of Tor Browser
 by far was various ways that archives (such as zip, tar, jar/ja, DMG, and
 Firefox manifest lists) could be reordered. Many file archivers walk the
-filesystem in inode structure order by default, which will result in ordering
+file system in inode structure order by default, which will result in ordering
 differences between two different archive invocations, especially on machines
 of different disk and hardware configurations.
 
@@ -3166,7 +3166,7 @@ non-trivial number of sites that rely on the Referer header to "authenticate"
 image requests and deep-link navigation on their sites. Furthermore, there
 seems to be no real privacy benefit to taking this action by itself in a
 vacuum, because many sites have begun encoding Referer URL information into
-GET parameters when they need it to cross http to https scheme transitions.
+GET parameters when they need it to cross HTTP to HTTPS scheme transitions.
 Google's +1 buttons are the best example of this activity.
 
   </para>



More information about the tor-commits mailing list