[freenet-dev] Mozilla/Gecko browser features destroying your anonymity on freenet?
Florent Daignière
nextgens at freenetproject.org
Sun Dec 9 22:40:25 UTC 2007
* Jack O'Lantern <jolantern60 at yahoo.com> [2007-12-09 05:50:46]:
> Hi,
>
> I'm in the process of updating the README of 0.5 and found the section
> on securing Mozilla in need of a rewrite. I haven't found a similar
> section in the 0.7 README, so the follwing information might be of
> interest for 0.7, too.
>
> I know of three Mozilla features potentially destroying your anonymity
> when using FProxy:
>
> * GoBrowsing: feeds URLs of failed requests into a search engine. This
> is a well-known problem but the workaround has changed. Whereas in
> older versions of Mozilla, the variable "browser.goBrowsing.enabled"
> had to be set to false, now it is "keyword.enabled".
>
> * Prefetching: loads links in a page in the background. If I understand
> correctly, 0.7 already protects itself against this feature by
> converting anchors to form submit buttons. This feature may be disabled
> by setting "network.prefetch-next" to false.
>
> * Safebrowsing: communicates the URL (and contents?) of each request to
> a "safebrowsing provider" (Google is the default). This feature appears
> to be deactivated in most, if not all, browsers by default. It may be
> deactivated by setting "browser.safebrowsing.enabled" to false.
>
> Are there other funny new Mozilla features I should include in the
> security cautions section?
>
> Jack
>
There is at least a fourth one we are immune to in .7... The "If I read
anything looking like a RSS feed, I decide to ignore the mime-type" one.
NextGen$
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://emu.freenetproject.org/pipermail/devl/attachments/20071209/cd2cfa50/attachment.pgp
More information about the Devl
mailing list