Changes between Version 2 and Version 3 of Ticket #20146, comment 8


Ignore:
Timestamp:
Sep 17, 2016, 2:23:33 AM (3 years ago)
Author:
jmprcx
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #20146, comment 8

    v2 v3  
    33Just wanted to add some input here and much respect to all for fixing this problem.
    44
    5 The Mozilla-proposed solution is garbage to my understanding. If HPKP is used I believe they get wiped in private browsing mode so then it offers no protection on the next startup. HPKP can also be used as a method to track user activity so some users may not want to store pins.
     5The Mozilla-proposed solution is garbage to my understanding. If HPKP is used I believe they get wiped in private browsing mode so then it offers no protection on the next startup when the static pins are expired. HPKP can also be used as a method to track user activity so some users may not want to store pins.
    66
    77I like option 2 as proposed. Also maybe it would be worthwhile to do updates over onion service only? I don't see a point in making a Tor Browser user beacon out to the clearnet for no good reason.