From bd226c716ee464558d906ce8e55bb214f1d4d640 Mon Sep 17 00:00:00 2001
From: Roman-Nopantski
Date: Sun, 19 Feb 2017 23:53:45 +1300
Subject: [PATCH] removed tor uplift investigation section

I have created three issues for tracking items of interest from the tor uplift: #7 `resistFingerprinting`, #8 `FPI` and #15 `the rest`
---
user.js | 71 +--------------------------------------------------------
1 file changed, 1 insertion(+), 70 deletions(-)

diff --git a/user.js b/user.js
index d0fb784..a336bc5 100644
--- a/user.js
+++ b/user.js
@@ -1535,75 +1535,6 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem
 // 2614: (51+) disable SPDY
 // user_pref("network.http.spdy.enabled.v3-1", false);
 
-/**- 9998: TO INVESTIGATE - TOR UPLIFT
- https://wiki.mozilla.org/Security/Tor_Uplift/Tracking
-// RESOLVED
- // 1400's: set whitelisted system fonts only (FF52+)
- // If whitelist is empty, then whitelisting is considered disabled and all fonts are allowed.
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1121643
- // user_pref("font.system.whitelist", "");
- // 2698-append: privacy.firstparty.isolate.restrict_opener_access
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1319773
-// ACTIVE
- // 1200's: Isolate the HSTS and HPKP cache by first party domain
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1323644
- // 2400's: reduce precision of time exposed by javascript
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1217238
- // user_pref("javascript.options.privacy.reduce_time_precision", true);
- // 2699-append: resource://URIs leak
- // https://trac.torproject.org/projects/tor/ticket/8725
- // https://bugzilla.mozilla.org/show_bug.cgi?id=863246
- // test: https://www.browserleaks.com/firefox
-// ASSIGNED
- // 2001: preference to fully disable WebRTC JS API
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1314443
- // 2699-append: enable fingerprinting resistence to WebGL
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1217290
- // 2699-append: checkbox in about#preferences#privacy for privacy.resistFingerprinting
- // when this lands, add note to 2699
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1308340
- // 2699-append: use UTC timezone (spoof as UTC 0)
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1330890
- // 2699-append: new window sizes to round to hundreds
- // Note: override values, future may enforce a select set of (inner) window measurements
- // If override values are too big, the code falls back and determines it for you
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1330882
- // user_pref("privacy.window.maxInnerWidth", 1366);
- // user_pref("privacy.window.maxInnerHeight", 768);
-// BACKLOG
- // 1400's: prevent local font enumeration
- // https://bugzilla.mozilla.org/show_bug.cgi?id=732096
- // 1800's: disable "This Plugin is Disabled" overlay
- // https://bugzilla.mozilla.org/show_bug.cgi?id=967979
- // user_pref("privacy.plugin_disabled_barrier.enabled", false);
- // 2500's: disable/mitigate canvas fingerprinting
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1041818
- // 2500's: enable prompt (site permission) before allowing canvas data extraction
- // https://bugzilla.mozilla.org/show_bug.cgi?id=967895
- // 2600's: window.name
- // https://bugzilla.mozilla.org/show_bug.cgi?id=444222
- // 2698-append: checkbox in about:preferences#privacy for privacy.firstparty.isolate
- // when this lands, add note to 2611
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1312655
- // 2698-append: FPI and HTTP Alternative Services (see 2666)
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1334690
- // 2698-append: FPI and SPDY/HTTP2
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1334693
- // 2699-append: disable keyboard fingerprinting
- // Test: https://w3c.github.io/uievents/tools/key-event-viewer.html
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1222285
- // 2699-append: disable WebSpeech API
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1333641
- // see also: web speech exposes TTS engines
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1233846
- // 2699-append: spoof Navigator API
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1333651
- // 2699-append: set and enforce various prefs with privacy.resistFingerprinting
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1333933
- // 2699-append: bundle and whitelist fonts with privacy.resistFingerprinting
- // https://bugzilla.mozilla.org/show_bug.cgi?id=1336208
-***/
-
 /**- 9999: TO INVESTIGATE - OTHER
 // 1600's: restrict the contents of referrers attached to cross-origin requests (FF52+)
 // 0- 1- 2-scheme+hostname+port
@@ -1631,7 +1562,7 @@ user_pref("ghacks_user.js.parrot", "No no he's not dead, he's, he's restin'! Rem
 // sandbox levels (recommended to leave at what Firefox sets it to)
 // http://www.ghacks.net/2017/01/23/how-to-change-firefoxs-sandbox-security-level/
 // security.sandbox.content.level
- ***/
+***/
 
 /**- APPENDIX A: GLOSSARY: