Opened 21 months ago

Last modified 16 months ago

#25559 new defect

Miscellaneous security- and privacy-related prefs for Tor Browser

Reported by: arthuredelstein Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-security, ff60-esr
Cc: jkt@…, francois@… Actual Points:
Parent ID: #20843 Points:
Reviewer: Sponsor:

Description

JKT has been working on some prefs he suggested we might consider:

  • Security.mixed_content.upgrade_display_content
    • Upgrades passive mixed content to HTTPS transparently
  • Network.ftp.enabled
    • disable FTP
  • security.insecure_connection_icon.enabled and security.insecure_connection_icon.pbmode.enabled
  • security.insecure_connection_text.enabled and security.insecure_connection_text.pbmode.enabled
    • Both of these mark HTTP connections as insecure. One with a broken lock icon, the other with text saying ‘Not Secure’
  • Insecure flash content:
    • security.mixed_content.block_object_subrequest
  • Sensors:
  • dom.registerProtocolHandler.insecure.enabled
  • browser.cache.offline.insecure.enable
  • dom.registerContentHandler.enabled

Others being pondered:

  • Http-disabled
    • I believe this is to block all HTTP connections.

Child Tickets

Change History (3)

comment:1 Changed 21 months ago by cypherpunks

  • Security.mixed_content.upgrade_display_content
  • * Upgrades passive mixed content to HTTPS transparently

That's #25352

Both of these mark HTTP connections as insecure. One with a broken lock icon, the other with text saying ‘Not Secure’

That's #25204

comment:2 Changed 21 months ago by fmarier

Cc: francois@… added

comment:3 Changed 16 months ago by traumschule

Parent ID: #20843
Note: See TracTickets for help on using tickets.