On Sunday 09 December 2007 13:50, Jack O'Lantern wrote: > Hi, > > I'm in the process of updating the README of 0.5 and found the section > on securing Mozilla in need of a rewrite. I haven't found a similar > section in the 0.7 README, so the follwing information might be of > interest for 0.7, too. > > I know of three Mozilla features potentially destroying your anonymity > when using FProxy: > > * GoBrowsing: feeds URLs of failed requests into a search engine. This > is a well-known problem but the workaround has changed. Whereas in > older versions of Mozilla, the variable "browser.goBrowsing.enabled" > had to be set to false, now it is "keyword.enabled".
Is there anything we can do about this in 0.7 other than adding a note about it to the README? Does anyone read the README? :| Bombe was working on a documentation toadlet, which might help. > > * Prefetching: loads links in a page in the background. If I understand > correctly, 0.7 already protects itself against this feature by > converting anchors to form submit buttons. This feature may be disabled > by setting "network.prefetch-next" to false. I believe this is off by default in most mozilla's/firefox's? It's harmless in 0.7 anyway, but it may cost some performance (due to tying up connections), or gain some (by prefetching high latency pages)... > > * Safebrowsing: communicates the URL (and contents?) of each request to > a "safebrowsing provider" (Google is the default). This feature appears > to be deactivated in most, if not all, browsers by default. It may be > deactivated by setting "browser.safebrowsing.enabled" to false. Would be nice to detect it, I suppose we ought to mention it in the README...? What is its purpose? > > Are there other funny new Mozilla features I should include in the > security cautions section? > > Jack -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20071210/61c56805/attachment.pgp>
