Re: [Tails-dev] TorBrowser patches

[intrigeri]

Hi,

fr0sty wrote (04 Nov 2012 21:35:28 GMT) :
> One more thing:

>>> Do not track, and the "Tell Websites I do not want to be tracked"
>>> check mark in Firefoxes settings also can cause concern.
>> 
>> Why?
> According to https://bugzilla.mozilla.org/show_bug.cgi?id=630357 ,
> The risk of unwanted tracking could actually increase. If it is not that
> big of a deal, then enabling  it by default could be an option.

Well, everything could be an option. What we need is good reasons
to decide.

IMHO, until I'm convinced this option is useful, and does not just add
one more identifying bit to the Tails web browser fingerprint, I'd
rather leave it disabled (like the TBB does, BTW).

> On another note, could we enable the "Preferences > Security > Block
> reported attack sites & Block reported web forgeries" Option in Firefox?
> More info here 
> http://www.mozilla.org/en-US/firefox/phishing-protection/

I'm sorry, but to be entirely frank, I have to tell you this is not
helpful. Please let me explain why.

In short: if the way you want to help is by suggesting configuration
changes, then please do back such suggestions with arguments in the
context of the Tails threat model.

Long version: the "work you do / work you expect someone else to do"
ratio is quite low, when you merely point us to the upstream
documentation about a given Firefox feature, expecting someone else to
read it, analyze it, and draw conclusions from it. This is not how
free software projects generally work, and I have to make it clear the
chances are very low that someone does all the work you expect, just
because you suggested it, unless you *at least* show *why* someone
should do it. And, guess what? "This option exists" is not enough of
a reason to do it, especially when we already know that (hint: we
explicitly disable this feature in Tails).

In the hope this helps you find find better ways to contribute to
Tails :)

On the tracks of your initial will to test iceweasel, I suggest
reading https://tails.boum.org/contribute/how/input/ again, and e.g.
try to find a ticket or two that needs some tests done and that you're
interested in, in the "Test" section of our todo list:

  https://tails.boum.org/todo/

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

Re: [Tails-dev] TorBrowser patches

[intrigeri]

fr0sty wrote (04 Nov 2012 21:34:38 GMT) :
> Any specific logs?

High priority: whatever is different from a regular TBB, and not
mentionned already in the various tickets about tbb / torbrowser /
iceweasel / web fingerprint in our todo list.

High priority: whatever behaves differently than written in the
aforementionned tickets (that is, regressions or new issues).

Medium priority: whatever you find concerning enough to be worth
raising. Please do search the Tails website first to avoid hitting the
FAQ, please do read the torbrowser design documentation for the same
reason, and please do explain why you consider it's a concern wrt.
Tails specification.
("it raises a red flag on check-my-web-browser.example.com"
does *not* count as a useful explanation ;)

Thanks!

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

Re: [Tails-dev] TorBrowser patches

[adrelanos]

fr0sty:
> According to https://bugzilla.mozilla.org/show_bug.cgi?id=630357 ,
> The risk of unwanted tracking could actually increase. If it is not that
> big of a deal, then enabling  it by default could be an option.
> On another note, could we enable the "Preferences > Security > Block
> reported attack sites & Block reported web forgeries" Option in Firefox?
> More info here 
> http://www.mozilla.org/en-US/firefox/phishing-protection/

I think phishing protection has been deactivated upstream in Tor Browser
for a reason and if you read how the feature works and the privacy
policy, you'll come to the decision that the decision was right. Feel
free to research that yourself and to dispute the decision, especially
in case things changed since.

Also activating features in Tails while not having them upstream in Tor
Browser is sometimes problematic (fingerprinting). I'd at least *also*
suggest the feature upstream after having researched the topic.
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

Re: [Tails-dev] TorBrowser patches

[intrigeri]

adrelanos wrote (05 Nov 2012 10:19:24 GMT) :
> fr0sty:

I'm not sure cl34r reads the list.
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev

Re: [Tails-dev] Call for testing 0.14~rc2

[intrigeri]

intrigeri wrote (02 Nov 2012 09:25:29 GMT) :
> anonym wrote (30 Oct 2012 00:35:39 GMT) :
>> This is the 'official' call for testing the second release candidate of
>> the upcoming version 0.14 of Tails.

> We might have a regression on bridges support:
> https://tails.boum.org/forum/Bridge_mode/#comment-b3f81f2e30e71d45e50fd61c86115079

Apparently not. Two of us have seen it work.

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev