Re: [Tails-dev] review release notes for 1.4

Delete this message

Reply to this message
Author: sajolida
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] review release notes for 1.4
intrigeri:
> sajolida wrote (06 May 2015 15:50:18 GMT) :
>> The release notes for 1.4 are ready for review. That's ticket #9331.
>
> Yay! Great piece of writing. Comments follow.
>
> It feel strange to mention an I2P minor release, but not a Tor major
> new version.


Fixed.

> Also, I've no idea what "floodfill performance" is in
> this context.


The context being I2P, it seems to be a core concept of the way I2P
maintains the database describing its network:

https://geti2p.net/en/docs/how/network-database

That's jargon to me but I guess that I2P freaks might find that relevant
or at least as relevant as mentioning a version number without any
additional information.

> I find the example provided for "Tor isolates better the connections
> to **third-party content**" unconvincing:


That was my interpretation of the Tor Browser 4.5 release notes (Privacy
Improvements section).

>> - Tor isolates better the connections to **third-party content**
>> included on the websites that you visit. For example, the connection
>> made through a *like* button from Facebook, Twitter, or Google+ is
>> now going through the same circuit as the connections made to the
>> website. This prevents third-party websites from correlating your
>> visits to different websites.
>
> The fact that 3rd-party resource fetches go through the same circuit
> as the originally requested page, in itself, doesn't prevent any
> correlation.


Why?

> It only becomes the case once *combined* with the fact
> that different tabs won't use the same circuit.
>
> So, introducing it
> with "For example" seems incorrect to me. Now, clearly that's a pretty
> tough one to phrase => good luck.


I experience something different here.

1. When I open one tab to accessnow.org in my browser, the connections
to accessnow, googleapis, youtube, etc. go through one or two different
circuits.

1. When I open many tabs to accessnow.org (say four more), the
connections to accessnow and the third-parties go through the same one
or two different circuits as when I only had one tab.

If I look for the word "tab" in the Tor Browser design document [1], I
can't find anything related to "different tabs won't use the same
circuit". But only to "URL bar" isolation.

https://www.torproject.org/projects/torbrowser/design/

It also says:

« The existing way that the user expects to use a browser must be
preserved. If the user has to maintain a different mental model of how
the sites they are using behave depending on tab, browser state, or
anything else that would not normally be what they experience in their
default browser, the user will inevitably be confused. »

Did I misunderstood something? I can pretend to really understand the
release notes for Tor Browser 4.5, with all their "blob URIs" and
"SharedWorker API", so that might as well be the case.

> I'm not sure if it's worth mentioning "Add Debian Jessie to the list
> of APT sources", especially in the "Fixed problems" section, since 1.
> we already had Jessie sources in 1.3.2, just named differently; 2.
> it doesn't fix any problem that 1.3.2 had, AFAIK. It does fix
> a problem 1.4 would have if we didn't do it, though -- it simply could
> not have been built. In any case, none of this is user-visible, right?


I had my additional software broken in 1.3.2 since Jessie was released.
But that's a corner case due to the fact that I had xul-ext-torbirdy so
I'll remove that.

> I don't understand this sentence: "In the browser theme of the Windows
> 8 camouflage, the default Firefox tab is user and the search bar
> is enabled."
>
> That's all :)


Ok, so I pushed those changes. Keep me updated regarding the third-party
isolation thingie.

--
sajolida