Does they share the same memory with same process but isolated?
And what is the difference between surf and surf-isolated.
I had opened the code, it really is minimal but I don't understand it
fully as I am still a **novice** in C.
I tried to compile surf with musl-gcc. But it doesn't work, I hope you
can explain more about this and the difference on using it with cc.
I think that the ip address could be hidden by tor. I am using tor with
polipo to sockstify all outgoing network including surf. Is that
correct?
You still get ads, but they are less targeted. Cookies still work, but
third party cookies are stored per origin domain. For example, each
website you go to will get a separate google cookie. You can still be
tracked *within* a site through cookies.
What do you mean by that?
Thanks for answering my question.
On Mon, Jul 06, 2015 at 11:24:47AM -0700, Ben Woolley wrote:
Hi Pickfire,
No, nothing like that. Surf's code is small and simple enough that
even a novice C programmer could add such a feature. It is trivial to
filter content in surf at the code level. 99% of it would be
configuration. I encourage you to try to implement the feature. Surf
is minimal enough that a developer can *configure* it through *code*.
In that sense, it supports whatever feature you want. If you implement
the feature, you can post the patch to the website as a possible
configuration. This keeps the core surf minimal.
--
If you are interested, I have an experimental branch for tracking
issues. My strategy is to properly implement the same-origin policy,
by implementing both vertical and horizontal origin isolation -- that
is, each origin domain gets its own browser profile, and warning
prompts are issued when crossing origins, preventing data from from
being shared between origin domains within the browser. This actually
disables the mechanism exploited by resource-keyed tracking.
How it works is: each browser process is constrained to a single
origin. Any navigation away from the process-constant origin gets a
new browser process. The design of surf made it straightforward to
implement, since it already behaved 90% the way I needed.
You still get ads, but they are less targeted. Cookies still work, but
third party cookies are stored per origin domain. For example, each
website you go to will get a separate google cookie. You can still be
tracked *within* a site through cookies.
You will want to obscure your IP address, too. I consider that a separate issue.
There are some issues remaining:
1. POST data that crosses origins isn't preserved, so many
authentication systems don't work.
2. You may need to symlink some profiles together to get, for
example, google's SSO to work. The profiles for gmail.com and
accounts.google.com need to be symlinked to log into gmail.
3. The header scrambling has some known issues worked out on this
mailing list.
My experimental branch is here:
https://github.com/legitparty/surf-isolated
In that branch, use the -O flag to enable the feature. I use `surf -g
-p -O -D example.com`
--
Take a look at my commits, and it might be clear to you where and how
to do filtering. If not, just ask, and I will explain, but I encourage
you to first just dive into the code. In fact, just opening surf.c
from the official git repo could have told you the answer to your
question in very little time. It really is *minimal*.
Cheers,
Ben
On 7/6/15, Pickfire <pickf...@riseup.net> wrote:
Hi, does surf implement tracking protection which disables sites from
tracking using cookies and it is said that it could improve performance in
Firefox for
up to 44%.
Thanks.
