* Jack O'Lantern <jolantern60 at yahoo.com> [2007-12-09 05:50:46]: > Hi, > > I'm in the process of updating the README of 0.5 and found the section > on securing Mozilla in need of a rewrite. I haven't found a similar > section in the 0.7 README, so the follwing information might be of > interest for 0.7, too. > > I know of three Mozilla features potentially destroying your anonymity > when using FProxy: > > * GoBrowsing: feeds URLs of failed requests into a search engine. This > is a well-known problem but the workaround has changed. Whereas in > older versions of Mozilla, the variable "browser.goBrowsing.enabled" > had to be set to false, now it is "keyword.enabled". > > * Prefetching: loads links in a page in the background. If I understand > correctly, 0.7 already protects itself against this feature by > converting anchors to form submit buttons. This feature may be disabled > by setting "network.prefetch-next" to false. > > * Safebrowsing: communicates the URL (and contents?) of each request to > a "safebrowsing provider" (Google is the default). This feature appears > to be deactivated in most, if not all, browsers by default. It may be > deactivated by setting "browser.safebrowsing.enabled" to false. > > Are there other funny new Mozilla features I should include in the > security cautions section? > > Jack >
There is at least a fourth one we are immune to in .7... The "If I read anything looking like a RSS feed, I decide to ignore the mime-type" one. NextGen$ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20071209/cd2cfa50/attachment.pgp>
