Hi, This answer might pop up late now that #8665 is in Ready for QA state, still it might bring new questions. Sorry for that.
On Fri, Jan 23, 2015 at 12:49:10AM +0100, intrigeri wrote: > mercedes508 wrote (22 Jan 2015 17:54:53 GMT) : > > And I'm wondering how important the fingerrint issue is, considering > > how easy it is to change it (e.g. by enlarging the browser window), > > I'm more concerned about behavioral differences (compared to the Tor > Browser) that we ship by default (XXX: we haven't summed up what they > were recently, by the way), than about bits of fingerprinting > information that every Tor Browser user, be it upstream or within > Tails, can individually choose to leak. > > I'm tempted to propose that on this topic, just like for resizing the > browser: > > * we provide safer defaults; > * we let users manually opt-in if they want to block ads and diverge > from the Tor Browser anonymity set. > (Of course the current behaviour for resizing the window is not a good > implementation of opting-in to diverge, as the security consequences > of this action are completely non-obvious to the user. There are > tickets in the right place about asking for a confirmation in this > case, I think.) > > [And I'm starting to wonder if this wouldn't be better to put that > in the upcoming Tor Browser's "security slider". At first glance: Then if we go for safer defaults, I agree Ad Block+ would be more close to NoScript in term in UX and fingerprinting. We could integrate Ad Block+ the same way: installed but disabled by default. That sure would be something to discuss further with the TorBrowser people. We could help them to upstream our Ad Block+ rules update process. Shall we engage a discussion about this? That's https://trac.torproject.org/projects/tor/ticket/9387 > "block ads, not JS" < "block neither ads nor JS" < "block JS, not ads" > (default) > > but once you block JS, your fingerprint is so much different anyway > that blocking ads on top don't make a big difference, so possibly this > would be better, although awkward and then perhaps confusing for > users: > > "block ads, not JS" < "block neither ads nor JS" < "block JS and ads" > > Food for thought.] I'm not even sure we need to decouple both, but why not. It might be hard to fit in the TorLauncher slider though if we want to push this forward. Bert. _______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.