Hi Erinn and Andrew!
[NB: before replying to this email, you might want to know
tails-dev@??? is the *publicly archived* T(A)ILS development
mailing list]
In the process of writting the soon-to-be-released T(A)ILS [0]
specification and security design document, we (T(A)ILS developers)
have compared T(A)ILS configuration files with the Tor Browser Bundle
ones.
[0]
https://amnesia.boum.org/
We have already merged a bunch of TBB's settings into our own Git
repository, but are not sure about three Firefox settings the TBB is
using:
* pref("browser.chrome.favicons", false);
* pref("browser.chrome.site_icons", false);
* pref("browser.chrome.image_icons.max_size", 0);
Studying the Git log shows these settings were added by Andrew in
commit 5dea9a12 (svn:r19603), along with a dozen or so other ones. The
corresponding commit message is a bit vague: "update some preferences
for a safer firefox all around".
We are interested in hearing how and why this improves the Firefox
user safety, not only in order to understand why we may want to merge
these settings in, but also in order to mention in our specification
document the attacks these settings protect against.
Bye,
--
intrigeri <intrigeri@???>
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
| Do not be trapped by the need to achieve anything.
| This way, you achieve everything.
