#25559: Miscellaneous security- and privacy-related prefs for Tor Browser ------------------------------------------+-------------------------------- Reporter: arthuredelstein | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Keywords: tbb-security, | ff60-esr Actual Points: | Parent ID: Points: | Reviewer: Sponsor: | ------------------------------------------+-------------------------------- JKT has been working on some prefs he suggested we might consider: * Security.mixed_content.upgrade_display_content * Upgrades passive mixed content to HTTPS transparently * Network.ftp.enabled * disable FTP * security.insecure_connection_icon.enabled and security.insecure_connection_icon.pbmode.enabled * security.insecure_connection_text.enabled and security.insecure_connection_text.pbmode.enabled * Both of these mark HTTP connections as insecure. One with a broken lock icon, the other with text saying ‘Not Secure’ * Insecure flash content: * security.mixed_content.block_object_subrequest * Sensors: * device.sensors.*.enabled (motion, proximity, ambientLight and orientation) && the Event constructors are now also included in device.sensors.enabled * `device.sensors.enabled` set to False in RF (https://bugzilla.mozilla.org/show_bug.cgi?id=1369319) * dom.registerProtocolHandler.insecure.enabled * browser.cache.offline.insecure.enable * dom.registerContentHandler.enabled
Others being pondered: * Http-disabled * I believe this is to block all HTTP connections. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25559> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs