Skip to content
Snippets Groups Projects
New look: Off

Reduce security prefs into a few groups

    • Closed Issue created by Mike Perry @mikeperry

    We should reduce the number of preferences into levels of security rather than the myriad of individual behavior controls we have now.

    Reducing the number of options can reduce the ability of users to fragment themselves into different anonymity sets through fingerprinting.

    Our translators will hate us for a while, but there will be less words to translate total.

    I want to get the set down to the following options:

    • Don't record browsing history or website data (enables Private Browsing Mode)
    • Disable browser plugins (such as Flash)
    • Restrict third party cookies and other tracking data
    • Change details that distinguish you from other Tor Browser users

    Those last two might be better as per-site options.

    I don't think we need much else. The rest of the options will remain buried in about:config.

    The last two should also be removed once we get a better per-site Privacy UI (see #5273 (closed) and the UI mockup in https://www.torproject.org/projects/torbrowser/design/#identifier-linkability)

    To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

    Child items ...

    • Activity

    • Mike Perry changed milestone to %TorBrowserBundle 2.3.x-stable

      changed milestone to %TorBrowserBundle 2.3.x-stable

    • Mike Perry added MikePerry201302d actualpoints::12 component::torbrowserbutton milestone::TorBrowserBundle 2.3.x-stable owner::mikeperry priority::high resolution::fixed status::closed tbb-disk-leak tbb-usability type::defect labels

      added MikePerry201302d actualpoints::12 component::torbrowserbutton milestone::TorBrowserBundle 2.3.x-stable owner::mikeperry priority::high resolution::fixed status::closed tbb-disk-leak tbb-usability type::defect labels

    • Mike Perry
      Mike Perry @mikeperry ·
      Author

      Trac:
      Description: We should reduce the number of preferences into levels of security rather than the myriad of individual behavior controls we have now.

      Our translators will hate us for a while, but there will be less words to translate total.

      to

      We should reduce the number of preferences into levels of security rather than the myriad of individual behavior controls we have now.

      Our translators will hate us for a while, but there will be less words to translate total.

      I want to get the set down to the following four options:

      • Block Plugins
      • Resist Fingerprinting
      • Record Browsing History on Disk
      • Record Tor Cookies on Disk

      I don't think we need much else. The rest of the options will remain buried in about:config.

    • Mike Perry
      Mike Perry @mikeperry ·
      Author

      Trac:
      Description: We should reduce the number of preferences into levels of security rather than the myriad of individual behavior controls we have now.

      Our translators will hate us for a while, but there will be less words to translate total.

      I want to get the set down to the following four options:

      • Block Plugins
      • Resist Fingerprinting
      • Record Browsing History on Disk
      • Record Tor Cookies on Disk

      I don't think we need much else. The rest of the options will remain buried in about:config.

      to

      We should reduce the number of preferences into levels of security rather than the myriad of individual behavior controls we have now.

      Our translators will hate us for a while, but there will be less words to translate total.

      I want to get the set down to the following four options:

      • Block Plugins
      • Resist Fingerprinting
      • Record Browsing History on Disk
      • Record Tor Cookies on Disk

      I don't think we need much else. The rest of the options will remain buried in about:config.

      FYI: We need to disable "Permanent Private Browsing Mode" to allow us to record history again.

    • Mike Perry
      Mike Perry @mikeperry ·
      Author

      Trac:
      Summary: Transform security prefs into slider/groups to Reduce security prefs into a few groups
      Description: We should reduce the number of preferences into levels of security rather than the myriad of individual behavior controls we have now.

      Our translators will hate us for a while, but there will be less words to translate total.

      I want to get the set down to the following four options:

      • Block Plugins
      • Resist Fingerprinting
      • Record Browsing History on Disk
      • Record Tor Cookies on Disk

      I don't think we need much else. The rest of the options will remain buried in about:config.

      FYI: We need to disable "Permanent Private Browsing Mode" to allow us to record history again.

      to

      We should reduce the number of preferences into levels of security rather than the myriad of individual behavior controls we have now.

      Reducing the number of options can reduce the ability of users to fragment themselves into different anonymity sets through fingerprinting.

      Our translators will hate us for a while, but there will be less words to translate total.

      I want to get the set down to the following four options:

      • Block Plugins
      • Resist Fingerprinting
      • Record Browsing History on Disk
      • Record Tor Cookies on Disk

      I don't think we need much else. The rest of the options will remain buried in about:config.

      FYI: We need to disable "Permanent Private Browsing Mode" to allow us to record history again.

    • Mike Perry
      Mike Perry @mikeperry ·
      Author

      Trac:
      Milestone: N/A to TorBrowserBundle 2.3.x-stable

    • Mike Perry
      Mike Perry @mikeperry ·
      Author

      We should keep the existing prefs in an "Advanced" pane, as they will be useful for debugging to isolate the source of breakage.

    • Mike Perry
      Mike Perry @mikeperry ·
      Author

      #4220 (closed) was dupped to this. We should also stop enforcing weird prefs like the update pref on every startup.

    • Trac
      Trac @tracbot ·

      Trac:
      Username: pmezard
      Cc: N/A to pmezard@gmail.com

    • Mike Perry
      Mike Perry @mikeperry ·
      Author

      We've had enough random regressions due to Private Browsing Mode protecting users against disk leaks that we've custom coded that shipping it on by default and governed by the third option would save us a lot of headache.

      Trac:
      Keywords: N/A deleted, tbb-disk-leak added
      Type: enhancement to defect

    • intrigeri
      intrigeri @intrigeri ·

      Trac:
      Cc: pmezard@gmail.com to pmezard@gmail.com, intrigeri@boum.org

    • Mike Perry
      Mike Perry @mikeperry ·
      Author

      Block plugins and resist fingerprinting should not be a global choices long-term. See #5273 (closed) and the updated design doc.

      Trac:
      Description: We should reduce the number of preferences into levels of security rather than the myriad of individual behavior controls we have now.

      Reducing the number of options can reduce the ability of users to fragment themselves into different anonymity sets through fingerprinting.

      Our translators will hate us for a while, but there will be less words to translate total.

      I want to get the set down to the following four options:

      • Block Plugins
      • Resist Fingerprinting
      • Record Browsing History on Disk
      • Record Tor Cookies on Disk

      I don't think we need much else. The rest of the options will remain buried in about:config.

      FYI: We need to disable "Permanent Private Browsing Mode" to allow us to record history again.

      to

      We should reduce the number of preferences into levels of security rather than the myriad of individual behavior controls we have now.

      Reducing the number of options can reduce the ability of users to fragment themselves into different anonymity sets through fingerprinting.

      Our translators will hate us for a while, but there will be less words to translate total.

      I want to get the set down to the following four options:

      • Record Browsing History on Disk

      • Record Tor Cookies on Disk

      • Block Plugins

      • Resist Fingerprinting

      I don't think we need much else. The rest of the options will remain buried in about:config.

      The last two should also be removed once we get a better per-site Privacy UI (see #5273 (closed) and the UI mockup in https://www.torproject.org/projects/torbrowser/design/#identifier-linkability)
      Keywords: N/A deleted, tbb-usability added

    • Mike Perry
      Mike Perry @mikeperry ·
      Author

      I think "Defend against third party tracking" probably should be its own option, since the way we do it now involves disabling stuff like DOM Storage and third party cookies, which may actually break more than the ideal solution would.

      Trac:
      Description: We should reduce the number of preferences into levels of security rather than the myriad of individual behavior controls we have now.

      Reducing the number of options can reduce the ability of users to fragment themselves into different anonymity sets through fingerprinting.

      Our translators will hate us for a while, but there will be less words to translate total.

      I want to get the set down to the following four options:

      • Record Browsing History on Disk

      • Record Tor Cookies on Disk

      • Block Plugins

      • Resist Fingerprinting

      I don't think we need much else. The rest of the options will remain buried in about:config.

      The last two should also be removed once we get a better per-site Privacy UI (see #5273 (closed) and the UI mockup in https://www.torproject.org/projects/torbrowser/design/#identifier-linkability)

      to

      We should reduce the number of preferences into levels of security rather than the myriad of individual behavior controls we have now.

      Reducing the number of options can reduce the ability of users to fragment themselves into different anonymity sets through fingerprinting.

      Our translators will hate us for a while, but there will be less words to translate total.

      I want to get the set down to the following options:

      • Record Browsing History on Disk

      • Record Tor Cookies on Disk

      • Defend against Third Party Tracking

      • Resist Fingerprinting

      • Block Plugins

      Those last two might be better as per-site options.

      I don't think we need much else. The rest of the options will remain buried in about:config.

      The last two should also be removed once we get a better per-site Privacy UI (see #5273 (closed) and the UI mockup in https://www.torproject.org/projects/torbrowser/design/#identifier-linkability)

    • Georg Koppen
      Georg Koppen @gk ·

      Replying to mikeperry:

      I think "Defend against third party tracking" probably should be its own option, since the way we do it now involves disabling stuff like DOM Storage and third party cookies, which may actually break more than the ideal solution would. That label seems misleading to me: Fingerprinting might be done by third parties as well and is a means of tracking, too. Thus, if a user checks "Defend against third party tracking" she might come to think that fingerprinting is handled as well (which is not the case) which could lead to unexpected behavior. Maybe something like "Defend against third party identifiers" might fit better here.

      Trac:
      Cc: pmezard@gmail.com, intrigeri@boum.org to pmezard@gmail.com, intrigeri@boum.org, g.koppen@jondos.de

    • Mike Perry
      Mike Perry @mikeperry ·
      Author

      Trac:
      Keywords: N/A deleted, MikePerry201212d added

    • Mike Perry
      Mike Perry @mikeperry ·
      Author

      Trac:
      Keywords: MikePerry201212d deleted, MikePerry201302d added

    • Mike Perry
      Mike Perry @mikeperry ·
      Author

      I'm tentatively going with these four strings (see description update).

      Trac:
      Description: We should reduce the number of preferences into levels of security rather than the myriad of individual behavior controls we have now.

      Reducing the number of options can reduce the ability of users to fragment themselves into different anonymity sets through fingerprinting.

      Our translators will hate us for a while, but there will be less words to translate total.

      I want to get the set down to the following options:

      • Record Browsing History on Disk

      • Record Tor Cookies on Disk

      • Defend against Third Party Tracking

      • Resist Fingerprinting

      • Block Plugins

      Those last two might be better as per-site options.

      I don't think we need much else. The rest of the options will remain buried in about:config.

      The last two should also be removed once we get a better per-site Privacy UI (see #5273 (closed) and the UI mockup in https://www.torproject.org/projects/torbrowser/design/#identifier-linkability)

      to

      We should reduce the number of preferences into levels of security rather than the myriad of individual behavior controls we have now.

      Reducing the number of options can reduce the ability of users to fragment themselves into different anonymity sets through fingerprinting.

      Our translators will hate us for a while, but there will be less words to translate total.

      I want to get the set down to the following options:

      • Block all disk writes (Private Browsing Mode)
      • Prevent third party identifier tracking
      • Resist browser fingerprint tracking
      • Disable plugins during Tor usage (crucial)

      Those last two might be better as per-site options.

      I don't think we need much else. The rest of the options will remain buried in about:config.

      The last two should also be removed once we get a better per-site Privacy UI (see #5273 (closed) and the UI mockup in https://www.torproject.org/projects/torbrowser/design/#identifier-linkability)

    • Nick Mathewson
      Nick Mathewson @nickm ·

      I think those options are going to need more explanation.

      I vote for something like:

        _ 
 |_| Option description

    Long option description. Lorem ipsum dolor sit amet, consectetur adipiscing elit.
    Ut sed libero at justo mollis lobortis id nec neque. Donec mattis vulputate condimentum. In
    sollicitudin lorem ac purus aliquam aliquet. Aliquam hendrerit mollis dolor, non fringilla 

  _ 
 |_| nunc eleifend vitae. 

    Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus.
    Sed iaculis, eros ac dapibus dictum, erat elit tempor sem, accumsan accumsan mi enim
    bibendum quam. Nulla facilisi. Donec libero eros, pretium vel feugiat non, mattis in neque. 
...

      For each option, we should explain what it does, why you want to leave it on, under what circumstances (if any) you might want to disable it, and what the risks of turning it off might be.

      Also, if possible, we should use the same verb for all the options if we mean the same thing. "Block", "prevent", "resist", and "disable" all mean approximately but not exactly the same thing -- if we're trying to get across a subtle gradation of meaning there, it's probably too subtle. If we're trying to communicate the same thing, though, we should probably use the same verb.

    • Mike Perry
      Mike Perry @mikeperry ·
      Author

      Trac:
      Description: We should reduce the number of preferences into levels of security rather than the myriad of individual behavior controls we have now.

      Reducing the number of options can reduce the ability of users to fragment themselves into different anonymity sets through fingerprinting.

      Our translators will hate us for a while, but there will be less words to translate total.

      I want to get the set down to the following options:

      • Block all disk writes (Private Browsing Mode)
      • Prevent third party identifier tracking
      • Resist browser fingerprint tracking
      • Disable plugins during Tor usage (crucial)

      Those last two might be better as per-site options.

      I don't think we need much else. The rest of the options will remain buried in about:config.

      The last two should also be removed once we get a better per-site Privacy UI (see #5273 (closed) and the UI mockup in https://www.torproject.org/projects/torbrowser/design/#identifier-linkability)

      to

      We should reduce the number of preferences into levels of security rather than the myriad of individual behavior controls we have now.

      Reducing the number of options can reduce the ability of users to fragment themselves into different anonymity sets through fingerprinting.

      Our translators will hate us for a while, but there will be less words to translate total.

      I want to get the set down to the following options:

      • Block all browsing history (enables Private Browsing Mode)
      • Disable browser plugins (such as Flash)
      • Restrict third party cookies and other tracking data
      • Change details that distinguish you from other Tor Browser users

      Those last two might be better as per-site options.

      I don't think we need much else. The rest of the options will remain buried in about:config.

      The last two should also be removed once we get a better per-site Privacy UI (see #5273 (closed) and the UI mockup in https://www.torproject.org/projects/torbrowser/design/#identifier-linkability)

    • Mike Perry
      Mike Perry @mikeperry ·
      Author

      Trac:
      Description: We should reduce the number of preferences into levels of security rather than the myriad of individual behavior controls we have now.

      Reducing the number of options can reduce the ability of users to fragment themselves into different anonymity sets through fingerprinting.

      Our translators will hate us for a while, but there will be less words to translate total.

      I want to get the set down to the following options:

      • Block all browsing history (enables Private Browsing Mode)
      • Disable browser plugins (such as Flash)
      • Restrict third party cookies and other tracking data
      • Change details that distinguish you from other Tor Browser users

      Those last two might be better as per-site options.

      I don't think we need much else. The rest of the options will remain buried in about:config.

      The last two should also be removed once we get a better per-site Privacy UI (see #5273 (closed) and the UI mockup in https://www.torproject.org/projects/torbrowser/design/#identifier-linkability)

      to

      We should reduce the number of preferences into levels of security rather than the myriad of individual behavior controls we have now.

      Reducing the number of options can reduce the ability of users to fragment themselves into different anonymity sets through fingerprinting.

      Our translators will hate us for a while, but there will be less words to translate total.

      I want to get the set down to the following options:

      • Don't record browsing history or website data (enables Private Browsing Mode)
      • Disable browser plugins (such as Flash)
      • Restrict third party cookies and other tracking data
      • Change details that distinguish you from other Tor Browser users

      Those last two might be better as per-site options.

      I don't think we need much else. The rest of the options will remain buried in about:config.

      The last two should also be removed once we get a better per-site Privacy UI (see #5273 (closed) and the UI mockup in https://www.torproject.org/projects/torbrowser/design/#identifier-linkability)

    • Loading
    • Loading
    • Loading
    • Loading
    • Loading
    • Loading
    • Loading
    • Loading
    • Loading
    • Loading
    Please register or sign in to reply