intrigeri: > sajolida wrote (07 May 2015 14:15:30 GMT) : >> intrigeri: >>> Also, I've no idea what "floodfill performance" is in >>> this context. > >> The context being I2P, it seems to be a core concept of the way I2P >> maintains the database describing its network: > >> https://geti2p.net/en/docs/how/network-database > >> That's jargon to me but I guess that I2P freaks might find that relevant >> or at least as relevant as mentioning a version number without any >> additional information. > > OK... this concept seems to live at the same technical level as > concepts like "bridge descriptors" or "introduction points" are for > Tor, which I'm pretty sure we would not want to expose to users. > But I'm not insisting: indeed telling a bit about what's new in that > version is good, and we probably lack the I2P skills to translate this > concept correctly into something that would be more appropriate for > our audience. > >>> I find the example provided for "Tor isolates better the connections >>> to **third-party content**" unconvincing: > >> That was my interpretation of the Tor Browser 4.5 release notes (Privacy >> Improvements section). > >>>> - Tor isolates better the connections to **third-party content** >>>> included on the websites that you visit. For example, the connection >>>> made through a *like* button from Facebook, Twitter, or Google+ is >>>> now going through the same circuit as the connections made to the >>>> website. This prevents third-party websites from correlating your >>>> visits to different websites. >>> >>> The fact that 3rd-party resource fetches go through the same circuit >>> as the originally requested page, in itself, doesn't prevent any >>> correlation. > >> Why? > > Let's try a few different explanations, hopefully one will work: > > a) Because this, in itself, doesn't isolate navigation on website1 > from navigation on website2. > > b) The fact that I'm on the same train as you doesn't imply anything, > in itself, about whether you are on the same train as Alan. > Neither that you probably are, nor that you probably aren't. (Yay, > I know, such metaphors generally don't work, but it's worth a try.)
Understood now, thanks! I was taking first-party isolation from granted. >>> It only becomes the case once *combined* with the fact >>> that different tabs won't use the same circuit. >>> >>> So, introducing it >>> with "For example" seems incorrect to me. Now, clearly that's a pretty >>> tough one to phrase => good luck. > >> I experience something different here. [...] > > Yes, you're correct. I shouldn't have written "tabs" above, but rather > "URL bar origin". Ok, this makes more sense. >> Did I misunderstood something? > > No, I think you understood pretty well the updated Tor Browser design > in this area. So at least we agree on the expected behaviour, and the > only remaining problem is the "For example" phrasing that I've > pointed out. Now I tried a69776a. Please review. And sorry for the short deadline! -- sajolida _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
