[freenet-dev] Mozilla/Gecko browser features destroying your anonymity on freenet?
Matthew Toseland
toad at amphibian.dyndns.org
Mon Dec 10 17:43:26 UTC 2007
On Sunday 09 December 2007 13:50, Jack O'Lantern wrote:
> Hi,
>
> I'm in the process of updating the README of 0.5 and found the section
> on securing Mozilla in need of a rewrite. I haven't found a similar
> section in the 0.7 README, so the follwing information might be of
> interest for 0.7, too.
>
> I know of three Mozilla features potentially destroying your anonymity
> when using FProxy:
>
> * GoBrowsing: feeds URLs of failed requests into a search engine. This
> is a well-known problem but the workaround has changed. Whereas in
> older versions of Mozilla, the variable "browser.goBrowsing.enabled"
> had to be set to false, now it is "keyword.enabled".
Is there anything we can do about this in 0.7 other than adding a note about
it to the README? Does anyone read the README? :| Bombe was working on a
documentation toadlet, which might help.
>
> * Prefetching: loads links in a page in the background. If I understand
> correctly, 0.7 already protects itself against this feature by
> converting anchors to form submit buttons. This feature may be disabled
> by setting "network.prefetch-next" to false.
I believe this is off by default in most mozilla's/firefox's? It's harmless in
0.7 anyway, but it may cost some performance (due to tying up connections),
or gain some (by prefetching high latency pages)...
>
> * Safebrowsing: communicates the URL (and contents?) of each request to
> a "safebrowsing provider" (Google is the default). This feature appears
> to be deactivated in most, if not all, browsers by default. It may be
> deactivated by setting "browser.safebrowsing.enabled" to false.
Would be nice to detect it, I suppose we ought to mention it in the README...?
What is its purpose?
>
> Are there other funny new Mozilla features I should include in the
> security cautions section?
>
> Jack
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://emu.freenetproject.org/pipermail/devl/attachments/20071210/61c56805/attachment.pgp
More information about the Devl
mailing list