Francois Marier:
> A few of us have been thinking about how to let users manage their
> multiple online identities in Firefox, as well as how to isolate sites
> from one another. Our goal is to find tools we can offer to
> privacy-conscious Firefox users.
>
> Containers [1] was the first idea that Bram and I came up with. It's a
> lightweight way to keep sessions (i.e. cookies, local storage, etc.)
> separate. A single person could have more than one container in their
> browser.

For what it's worth, for Tor Browser we are interested in using containers for isolating identifiers to the URL bar domain (aka double-keying).

Our long-term goal is to produce a cookie/identifier management UI that allows users to define their relationship to URL bar sites in a way that resembles application management, rather than managing a relationship to a myriad of third parties. Here's a mockup of that UI idea, though obviously another layer of per-site account management would also be nice:
https://www.torproject.org/projects/torbrowser/design/NewCookieManager.png

We already have some patches that do this isolation for the image cache (which I don't think AppID-based containers would help for?), as well as the content cache (for which they would), and for DOM Storage (for which I am unsure). We've posted these patches in the Mozilla bugtracker under this meta-bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=939354

We still lack patches for proper cookie and http auth double-keying. As a stopgap, we disable third party cookies and third party http auth. We also simply disable TLS session tickets rather than try to double-key them, which obviously is sub-optimal for performance, but may have other additional benefits against Tor traffic correlation/anonymity against exit node observers.

We also want to disable HSTS for third parties while such isolation is enabled (unless the URL bar domain uses HSTS). This will deal with the HSTS supercookies, and should not pose a security risk if cookies and cache are properly isolated.

I am wondering if the AppId/Container model might make Tor Browser's first party isolation easier? Should we be trying to use it for our current and future patches?

We're also eager to discuss ways of unifying our approach to privacy and identity management with Mozilla's plans, such that ultimately we can provide a safe Tor mode experience for normal Firefox users. In the meantime, I think we would also benefit from sharing as much of the implementation and plumbing as possible, as well.

--
Mike Perry
_______________________________________________
dev-privacy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-privacy
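
The double-keying described in the message above, compared with the third-party-cookie stopgap it mentions, as an added example that is not part of the original post and is not Tor Browser or Firefox code. The class, function names and `.example` domains are hypothetical, and hosts are treated as whole domains.

```javascript
// Added illustration, not Tor Browser or Firefox code. All names are hypothetical,
// and hosts are compared as whole domains (no eTLD+1 computation).
class CookieJar {
  // mode: "single" (keyed by host only), "block-third-party" (the stopgap
  // named in the message), or "double" (keyed by URL bar domain + host).
  constructor(mode) {
    this.mode = mode;
    this.jar = new Map();
    this.counter = 0;
  }

  storageKey(urlBarDomain, host) {
    return this.mode === "double" ? `${urlBarDomain}^${host}` : host;
  }

  // Simulate a request to `host` while `urlBarDomain` is in the URL bar.
  // The server assigns an identifier on first contact; the return value is
  // the identifier the server sees on this request (null if none is sent).
  request(urlBarDomain, host) {
    const thirdParty = urlBarDomain !== host;
    if (this.mode === "block-third-party" && thirdParty) return null;
    const key = this.storageKey(urlBarDomain, host);
    if (!this.jar.has(key)) this.jar.set(key, `id-${++this.counter}`);
    return this.jar.get(key);
  }
}

// A party embedded on several sites can link the visits when it receives
// the same identifier under more than one URL bar domain.
function trackerCanLink(mode, sites, tracker) {
  const jar = new CookieJar(mode);
  const ids = sites.map((s) => jar.request(s, tracker)).filter((id) => id !== null);
  return ids.length > 1 && new Set(ids).size < ids.length;
}

// Whether the embedded party still keeps state across repeat visits to one site.
function embedKeepsState(mode, site, tracker) {
  const jar = new CookieJar(mode);
  const first = jar.request(site, tracker);
  return first !== null && first === jar.request(site, tracker);
}

const sites = ["news.example", "shop.example"]; // constructed sample domains
for (const mode of ["single", "block-third-party", "double"]) {
  console.log(mode, "linkable:", trackerCanLink(mode, sites, "tracker.example"),
    "embed state:", embedKeepsState(mode, sites[0], "tracker.example"));
}
```

Both the stopgap and double-keying stop cross-site linking in this model; only double-keying leaves the embedded party with working per-site state.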
