Re: [Tails-dev] review release notes for 1.4

Delete this message

Reply to this message
Author: sajolida
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] review release notes for 1.4
intrigeri:
> sajolida wrote (07 May 2015 14:15:30 GMT) :
>> intrigeri:
>>> Also, I've no idea what "floodfill performance" is in
>>> this context.
>
>> The context being I2P, it seems to be a core concept of the way I2P
>> maintains the database describing its network:
>
>> https://geti2p.net/en/docs/how/network-database
>
>> That's jargon to me but I guess that I2P freaks might find that relevant
>> or at least as relevant as mentioning a version number without any
>> additional information.
>
> OK... this concept seems to live at the same technical level as
> concepts like "bridge descriptors" or "introduction points" are for
> Tor, which I'm pretty sure we would not want to expose to users.
> But I'm not insisting: indeed telling a bit about what's new in that
> version is good, and we probably lack the I2P skills to translate this
> concept correctly into something that would be more appropriate for
> our audience.
>
>>> I find the example provided for "Tor isolates better the connections
>>> to **third-party content**" unconvincing:
>
>> That was my interpretation of the Tor Browser 4.5 release notes (Privacy
>> Improvements section).
>
>>>> - Tor isolates better the connections to **third-party content**
>>>> included on the websites that you visit. For example, the connection
>>>> made through a *like* button from Facebook, Twitter, or Google+ is
>>>> now going through the same circuit as the connections made to the
>>>> website. This prevents third-party websites from correlating your
>>>> visits to different websites.
>>>
>>> The fact that 3rd-party resource fetches go through the same circuit
>>> as the originally requested page, in itself, doesn't prevent any
>>> correlation.
>
>> Why?
>
> Let's try a few different explanations, hopefully one will work:
>
> a) Because this, in itself, doesn't isolate navigation on website1
>    from navigation on website2.

>
> b) The fact that I'm on the same train as you doesn't imply anything,
>    in itself, about whether you are on the same train as Alan.
>    Neither that you probably are, nor that you probably aren't. (Yay,
>    I know, such metaphors generally don't work, but it's worth a try.)


Understood now, thanks!

I was taking first-party isolation from granted.

>>> It only becomes the case once *combined* with the fact
>>> that different tabs won't use the same circuit.
>>>
>>> So, introducing it
>>> with "For example" seems incorrect to me. Now, clearly that's a pretty
>>> tough one to phrase => good luck.
>
>> I experience something different here. [...]
>
> Yes, you're correct. I shouldn't have written "tabs" above, but rather
> "URL bar origin".


Ok, this makes more sense.

>> Did I misunderstood something?
>
> No, I think you understood pretty well the updated Tor Browser design
> in this area. So at least we agree on the expected behaviour, and the
> only remaining problem is the "For example" phrasing that I've
> pointed out.


Now I tried a69776a. Please review. And sorry for the short deadline!

--
sajolida