Hi,
bertagaz@??? wrote (24 Dec 2010 18:02:31 GMT) :
>> I wonder what are the security / privacy implications of having
>> these enabled. Not downloading favicons seems to be a great way to
>> appear different from other visitors. We should ask the TBB authors
>> about this.
> This might be related to the web server side, when admins did set up
> the acces log not to log IPs of visitors (by customizing their
> access log format, not by installing libapache2_mod_removeip).
> Usually in this case, firefox browsers are still logged because by
> default they ask for a favicon. If the website doesn't provide one,
> then every request is logged in error.log because of the 404 error
> made by the browser requesting a favicon.. For that reason it sounds
> like a reasonable setting. Who cares about favicon anayway? :)
I do care about favicons, and find it a really practical way to
differenciate browser tabs.
A T(A)ILS user's IP (the ExitNode's one, really) will anyway be logged
by most webservers around there, this is part of our threat model and
not something we really can do anything about at the T(A)ILS level.
Sysadmins who seriously want to avoid logging IPs should also take
care of error.log since many other things can trigger logging there
(webapps bugs, mistyped or obsolete URL, etc.); else their effort is
not useful at all. I am opposed to make the user browsing experience
worse just to avoid *some* logging of ExitNodes IP addresses by
half-finished wannabe privacy-friendly webserver setups.
The anonymity set reduction involved by not downloading favicons is
another argument that is worth considering.
Any other ideas/opinions on this topic? I think we should ask the TBB
authors for their reasons anyway.
>> > * pref("browser.chrome.image_icons.max_size", 0);
>>
>> To help users differentiate between images loaded in tabs, Firefox
>> sets the tab icon (and the icon in the Location Bar) to a small
>> version of the image.
>> If an image’s width or height is greater than this number, the default
>> icon is displayed instead of a thumbnail. The default value is 1024.
>> Setting it to 0 will disable image thumbnails.
>>
>> I also wonder why they disabled this.
> Maybe if the tab icon is not a thumbnail of the image, iceweasel try to
> request the website's favicon?
Seems like we are clueless and need to ask the TBB authors about this.
>> > * pref("browser.download.manager.retention", 1);
>>
>> When to remove downloaded files' entries from the Download Manager
>> 0: Upon successful download
>> 1: When the browser exits
>> 2 (default): Manually
>>
>> TBB's configuration seems great and worth being stealed in T(A)ILS but
>> doesn't Torbutton already do this?
> Not sure about this. 0 would sound better to me if Torbutton did not.
Seems like we've been using 0 for ages actually => already done.
>> > * pref("browser.privatebrowsing.autostart", true);
>>
>> Firefox' so-called private browsing mode is documented here:
>> https://wiki.mozilla.org/Firefox3.1/PrivateBrowsing/SecurityReview
>>
>> I am not sure how enabling this interacts with Torbutton.
> Not sure either. I'm wondering if private mode bypass any installed
> extensions/plugins.
Well, let's trust the TBB developers. I've enabled this in the devel
branch, should now be tested.
>> > * pref("browser.sessionstore.privacy_level", 2);
>>
>> http://kb.mozillazine.org/Browser.sessionstore.privacy_level
>>
>> 0 = Store extra session data for any site.
>> 1 = Store extra session data for unencrypted (non-HTTPS) sites only. (Default)
>> 2 = Never store extra session data.
>>
>> Seems to me Torbutton already does this, doesn't it?
> Sure, but maybe it's still good to set that up.
We already set browser.sessionstore.enabled to false, but I
nevertheless merged this one in.
> Anyway, I guess it could be a good thing to inteact with TBBT author, and
> this unresolved questions might be a good start.
Sure. It seems to me these three ones are those we are still not sure about:
* pref("browser.chrome.favicons", false);
* pref("browser.chrome.site_icons", false);
* pref("browser.chrome.image_icons.max_size", 0);
Who wants to ask the TBB authors about this?
Bye,
--
intrigeri <intrigeri@???>
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
| Who wants a world in which the guarantee that we shall not
| die of starvation would entail the risk of dying of boredom ?
