Hello List So while I waited for some reviews I wrote an initial patch to solve the etag tracking bug. https://bugzilla.mozilla.org/show_bug.cgi?id=231852. (I am working on general privacy bugs).
My approach is to have a preference (disabled by default) that makes firefox never send validation headers. Why I think a pref to make them optional is good: -> It will only affect stale cache entries, if websites have bothered so set up expiration headers there will be no impact for users or websites. -> We can still use heuristics that avoid doing validation (ie the file was last modified 10 years ago therfore most likely it has not been modified in the last five minutes). -> this will be a big win for projects that want to enable very strong privacy protections without having them to have custom patchsets for firefox (see Tor browser bundle). -> the code change is minimal, only one line of logic code change (I am dicounting the getting the preference observer), so future maintenance should be minimal. Cons: -> there is more code to maintain. -> Only a small number of users would set it up (but these are very noisy) Christian Biesinger has also suggested that this would make browser with the setting on to be very slow. I have tried it locally and it does not look so. However I would like to actually measure the impact of the preference on say the top 100 alexa sites. Any suggestions on how to do this? Maybe I am thinking on a wrong approach, suggestions for making this better are appreciated. Thank you all Camilo _______________________________________________ dev-tech-network mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-network
