Changes

Page history
Removed reference to 'other implementations' from privacy and security sections authored by Richard Pospesel's avatar Richard Pospesel
Show whitespace changes
Inline Side-by-side
Design-Documents/Tor-Browser-Design-Doc.md
View page @ afda5ddb
......@@ -104,11 +104,6 @@ For the an up-to-date list of the currently included pluggable transports, pleas
These browser design requirements are meant to describe the properties of a Private Browsing Mode that defends against both network and local forensic adversaries.
There are two main categories of requirements: [Security Requirements](#21-security-requirements), and [Privacy Requirements](#22-privacy-requirements).
Security Requirements are the minimum properties in order for a browser to be able to support Tor and similar privacy proxies safely.
Privacy requirements are the set of properties that cause us to prefer one browser over another.
`TODO: this section can probably lose the generality and just talk about Tor Browser`
While we will endorse the use of browsers that meet the security requirements, it is primarily the privacy requirements that cause us to maintain our own browser distribution.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119](https://www.ietf.org/rfc/rfc2119.txt).
......@@ -116,7 +111,6 @@ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "S
The security requirements are primarily concerned with ensuring the safe use of Tor.
Violations in these properties typically result in serious risk for the user in terms of immediate deanonymization and/or observability.
With respect to browser support, security requirements are the minimum properties in order for Tor to support the use of a particular browser.
1. [Proxy Obedience](#41-proxy-obedience)
......@@ -139,12 +133,9 @@ With respect to browser support, security requirements are the minimum propertie
### 2.2 Privacy Requirements
The privacy requirements are primarily concerned with reducing linkability: the ability for a user's activity on one site to be linked with their activity on another site without their knowledge or explicit consent.
With respect to browser support, privacy requirements are the set of properties that cause us to prefer one browser over another.
For the purposes of the unlinkability requirements of this section as well as the descriptions in the [implementation section](#4-implementation), a URL bar origin means at least the second-level DNS name.
For example, for `mail.google.com`, the origin would be `google.com`.
~Implementations MAY, at their option, restrict the URL bar origin to be the entire fully qualified domain name.~
`TODO: it seems this document in the past also talks about what other browser implementations ought to do for us to like them`
1. [Cross-Origin Identifier Unlinkability](#45-cross-origin-identifier-unlinkability)
......
......