On Mon, Nov 17, 2014 at 07:41:22AM -0600, Bruno Wolff III wrote:
> On Mon, Nov 17, 2014 at 12:05:35 +0200,
>  Nikos Roussos <comzeradd@xxxxxxxxxxxxxxxxx> wrote:
> >
> >No. We are talking about the tiles. I didn't see anyone suggesting we
> >remove Google search. It's like the tiles feature crossed a line, which
> >is far from truth.
>
> Firefox is really not set up with privacy as a high priority. Some
> bad things it does from a privacy perspective are:
>
> If you type a name in the url bar and send, if the name doesn't match
> a domain google is contacted. (And it is google even if you have
> some other search engine set.)
>
> OCSP is used to check for certificate revocations. For some threat
> models this cure is worse than the disease. There should be an easy
> way to disable this.
>
> There is not a way to disable fetching all offsite references that
> aren't whitelisted. There is a hard way to do this for images, but
> there does not appear to be a way to do this for other object types.
>
> The initial page is not set to about:blank, so that some
> site will be contacted (I think it is a Fedora page now.) before you
> have a chance to set it to about:blank in firefox. (It is possible
> to change this outside of Firefox, but it is hard.)
>
> When firefox has a version update mozilla is contacted to present
> you with the release notes for the new version. It is possible to
> disable this, but it isn't really obvious how. (Even if you have
> done it before.)
>
> Javascript is not easy to disable without installing a third party
> plugin, and the way that plugin works still leaves some exposure to
> javascript related issues.
>
> There is a safe browsing feature that also will phone home.
>
> If you look at the about:config menu you will see lots of URLs and
> it isn't clear when these URLs are used in many cases.
>
> The referer header is sent by default. It isn't obvious how to disable that.
>
> It isn't obvious how to disable remote sites storing data locally.
> This feature can be used like cookies and should be easily
> controllable.

This is a good analysis. However I hope people don't take away from
it "OMG there's nothing we can do". We can work on making it better
incrementally, and fixing this advert tabs thing is a good place to
start.

Also having the Fedora policy be clear and unambiguous. Who would
deal with that? FESCO? The Board (or whatever it's called these
days)?

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v