#21569: Investigate and neuter fingerprinting potential of Permissions API
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  arthuredelstein
     Type:  task                                 |         Status:  needs_information
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,        |  Actual Points:
  TorBrowserTeam201705R                          |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:  Sponsor4
-------------------------------------------------+-------------------------

Comment (by arthuredelstein):

 Replying to [comment:9 mcs]:
 > Kathy and I started to review this but got stuck on a couple of things:
 > * Where is the file `file_firstPartySpecial.html`?
 > * Should the commented out lines (e.g., for geolocation) be removed from `browser_permissions.js`?
 > * `PrincipalOriginAttributes::StripUserContextId()` is now an empty function. Is that correct?

 Thanks for noticing these things. I have cleaned them up now. Here's the new version:
 https://github.com/arthuredelstein/tor-browser/commit/21569+4

 Note here I am enabling isolation of permissions both by first party domain and container ID. As Tor Browser doesn't use containers, the change to container behavior should have no effect. But I took this approach (changing both things) because it makes writing a test with Mozilla's existing isolation test framework straightforward. If Mozilla decides to apply first-party isolation to permissions, but not to apply it to containers, then they will need to modify the framework. (Although my recommendation would be to isolate permissions by containers as well.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21569#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
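
A conceptual model of the isolation described in the comment above, added here as an example and not taken from the linked commit or from Firefox: a permission store keyed by origin plus origin attributes. The class, its `isolateBy` option and the site names are assumptions made for illustration; it shows a stored decision being readable under another first party or container when the attributes are stripped from the key, and reading as "prompt" when they are kept.

```javascript
// Conceptual model only: not Firefox or Tor Browser code.
// A permission store whose key is the origin plus selected origin attributes.
class PermissionStore {
  // isolateBy: origin attributes that take part in the key (hypothetical option).
  constructor(isolateBy) {
    this.isolateBy = isolateBy;
    this.entries = new Map();
  }

  // Build the storage key; attributes not listed in isolateBy are stripped.
  key(origin, attrs, type) {
    const kept = this.isolateBy.map((name) => `${name}=${attrs[name] ?? ""}`);
    return [origin, ...kept, type].join("|");
  }

  set(origin, attrs, type, state) {
    this.entries.set(this.key(origin, attrs, type), state);
  }

  // Models what a permission query would report: "prompt" when nothing is stored.
  query(origin, attrs, type) {
    return this.entries.get(this.key(origin, attrs, type)) ?? "prompt";
  }
}

// Constructed scenario: widget.example is embedded as a third party on two sites.
function observeAcrossSites(store) {
  const widget = "https://widget.example";
  const onSiteA = { firstPartyDomain: "site-a.example", userContextId: 0 };
  const onSiteB = { firstPartyDomain: "site-b.example", userContextId: 0 };
  const inContainer = { firstPartyDomain: "site-a.example", userContextId: 2 };

  // The user's decision is recorded while browsing site A, default container.
  store.set(widget, onSiteA, "geolocation", "granted");
  return {
    siteA: store.query(widget, onSiteA, "geolocation"),
    siteB: store.query(widget, onSiteB, "geolocation"),
    container: store.query(widget, inContainer, "geolocation"),
  };
}

// Key ignores both attributes: the decision is visible everywhere (linkable state).
const stripped = observeAcrossSites(new PermissionStore([]));
// Key includes both attributes: the decision stays with the context it was made in.
const isolated = observeAcrossSites(
  new PermissionStore(["firstPartyDomain", "userContextId"])
);
console.log("attributes stripped:", stripped);
console.log("attributes isolated:", isolated);
```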