Re: [T(A)ILS-dev] Tor Browser Bundle config

This message is part of the following thread:
Mthe complete thread tree sorted by date
Mintrigeri at <-
Mbertagaz at ->
Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The T\(A\)ILS public development discussion list
Subject: Re: [T(A)ILS-dev] Tor Browser Bundle config
Hi,

I had a look to some of the settings I previously mentionned.

intrigeri wrote (19 Dec 2010 22:17:06 GMT) :

> * pref("browser.chrome.favicons", false);
> * pref("browser.chrome.site_icons", false);

(both should be set to true / false at the same time)

Display favicons in the address bar, bookmarks menu, and in tabs. (Default)
Load and display site icons. (Default)

I wonder what are the security / privacy implications of having these
enabled. Not downloading favicons seems to be a great way to appear
different from other visitors. We should ask the TBB authors about this.

> * pref("browser.chrome.image_icons.max_size", 0);

To help users differentiate between images loaded in tabs, Firefox
sets the tab icon (and the icon in the Location Bar) to a small
version of the image.
If an image’s width or height is greater than this number, the default
icon is displayed instead of a thumbnail. The default value is 1024.
Setting it to 0 will disable image thumbnails.

I also wonder why they disabled this.

> * pref("browser.download.manager.retention", 1);

When to remove downloaded files' entries from the Download Manager
0: Upon successful download
1: When the browser exits
2 (default): Manually

TBB's configuration seems great and worth being stealed in T(A)ILS but
doesn't Torbutton already do this?

> * pref("browser.privatebrowsing.autostart", true);

Firefox' so-called private browsing mode is documented here:
https://wiki.mozilla.org/Firefox3.1/PrivateBrowsing/SecurityReview

I am not sure how enabling this interacts with Torbutton.

> * pref("browser.sessionstore.privacy_level", 2);

http://kb.mozillazine.org/Browser.sessionstore.privacy_level

0 = Store extra session data for any site.
1 = Store extra session data for unencrypted (non-HTTPS) sites only. (Default)
2 = Never store extra session data.

Seems to me Torbutton already does this, doesn't it?

bye,
--
intrigeri <intrigeri@???>
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr-fingerprint.asc
| Who wants a world in which the guarantee that we shall not
| die of starvation would entail the risk of dying of boredom ?

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [T(A)ILS-dev] Iceweasel http.keep-aliveRe: [T(A)ILS-dev] Tor Browser Bundle config->
lists.autistici.org administrated by postmasterLurker (version 2.3)