|
|
browser Privacy Test:
|
|
|
Testing other browsers by specific privacy test
|
|
|
make privacy across browser objective
|
|
|
Every browser claims it's "good" about privacy, how do users compare them?
|
|
|
browserprivacy.net -> browserprivacy.net/tests.html
|
|
|
|
|
|
- Three categories of tests:
|
|
|
|
|
|
- tor connectivity
|
|
|
|
|
|
- cookies (super cookies)
|
|
|
|
|
|
- Fingerprinting
|
|
|
|
|
|
- This is very technical, provide a higher-level activist focused matrix
|
|
|
|
|
|
- Currently run manually, running nightly build tests would be better
|
|
|
|
|
|
- Can panopticlick use or benefit from this?
|
|
|
|
|
|
- Feedback to OpenWPM?
|
|
|
|
|
|
|
|
|
Brave has a Private Tab that uses Tor
|
|
|
|
|
|
- Began 1 year ago
|
|
|
|
|
|
- Added "Private Tab with Tor"
|
|
|
|
|
|
- Reduce fingerprinting
|
|
|
|
|
|
- Disable leaky features (webrtc, etc)
|
|
|
|
|
|
- Starts Tor when the first Private Tab with Tor is created
|
|
|
|
|
|
- This tab tries to match most users expectations of a Private Tab
|
|
|
|
|
|
- Make anonymous micropayments more profitable than website ads
|
|
|
|
|
|
- In the future, add PT support
|
|
|
|
|
|
- Possibly separate Tor support from Private Tabs (maybe use Tor support in normal tabs, too)
|
|
|
|
|
|
|
|
|
Cliqz:
|
|
|
- Uses Firefox
|
|
|
- Adds "Forget Mode", rather than Private Mode
|
|
|
- Adds automatic Forget Mode if it decides a website should be opened in a forget mode
|
|
|
- In the future, move services to onion services
|
|
|
- Currently internal testing of beta version
|
|
|
- Cliqz uses Firefox release rather than ESR (opens possible proxy-bypass)
|
|
|
- Testing for proxy-bypass manually
|
|
|
- Future PT support
|
|
|
|
|
|
When Tor Project are contacted about Tor support:
|
|
|
"Tor" means many different things
|
|
|
|
|
|
Browser, network, program, etc
|
|
|
|
|
|
Tor Browser is more than a browser that routes traffic over the Tor network
|
|
|
|
|
|
Fingerprinting protections, privacy protections, etc
|
|
|
|
|
|
If another browser integrates Tor, calling it "Tor Mode" would be misleading
|
|
|
|
|
|
"Onion mode" or "Private Tabs with Tor" are options
|
|
|
|
|
|
What features must a browser support before the Tor Project is comfortable with another browser having a "Tor Mode"?
|
|
|
|
|
|
We should use the Browser Privacy Tests
|
|
|
|
|
|
- It's a starting point
|
|
|
|
|
|
|
|
|
EFF have a lot of history of browser fingerprinting from panopticlick
|
|
|
Maybe panopticlick compares the browser against Tor Browser
|
|
|
|
|
|
Users can be fingerprinted by the version of their browser (UAS, available features, configurations, etc)
|
|
|
|
|
|
How can The Tor Project help the other browsers?
|
|
|
|
|
|
Automated tests, and check-list is very helpful for knowing what is needed/expected
|
|
|
|
|
|
What is changing between Tor Browser and FF Release/Nightly?
|
|
|
|
|
|
What should be communicated to the user about the Tor mode?
|
|
|
|
|
|
|
|
|
Onion UI should be similar/standardized across browsers
|
|
|
|
|
|
Brave fails hard .onion address resolution
|
|
|
Cliqz uses the blockdotonion pref
|
|
|
|
|
|
Looking at browserleaks.com, too
|
|
|
|
|
|
Better explanation why someone should choose a browser with tor support vs. tor browser
|
|
|
|
|
|
Better explanation why Tor is different/better/worse than a VPN
|
|
|
|
|
|
Better documentation around this - FAQ? Training? |
|
|
\ No newline at end of file |