investigate Firefox SSL for things that might allow user tracking
From a comment by Patrick McManus:
(In reply to David Keeler (:keeler) [use needinfo?] from comment legacy/trac#5 (closed))
mcmanus, are there other TLS features that are enabled by default that would allow tracking users? (The aim of this bug is to add an option that would prevent that sort of thing.)
sure - at various levels of granularity. None as extreme as session tickets. Anything that keeps state, right?
some that come to mind:
- the version intolerance cache
- our false start behavior involves "have I seen this algorithm before"
- the hsts database