Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Privacy & Security in Firefox Quantum

Avatar for luke crouch luke crouch
October 16, 2017
Technology
0
100

Privacy & Security in Firefox Quantum

Short summary of some of the privacy & security fixes, features, and enhancements landing in Firefox 57.
Avatar for luke crouch

luke crouch

October 16, 2017
Tweet

More Decks by luke crouch

See All by luke crouch
Pigeons to Padlocks: 5000 years of Network Security
Avatar for luke crouch groovecoder
0
51
cryptory-up-to-https-atlas-2024.pdf
Avatar for luke crouch groovecoder
0
50
Cryptography: 500 BC to https
Avatar for luke crouch groovecoder
0
150
Mozilla Observatory First Draft
Avatar for luke crouch groovecoder
0
110
VPNs
Avatar for luke crouch groovecoder
0
110
Digital Privacy & Security
Avatar for luke crouch groovecoder
0
240
Cryptography: 500 BC to Quantum Computing
Avatar for luke crouch groovecoder
0
640
Just enough bitcoing to go cryptojacking with JavaScript
Avatar for luke crouch groovecoder
0
86
Can we protect Privacy without breaking the web
Avatar for luke crouch groovecoder
0
140

Other Decks in Technology

See All in Technology
AIと共に乗り越える、 入社後2ヶ月の苦労と学習の軌跡
Avatar for Sai Kaneko sai_kaneko
0
190
Microsoft Fabric vs Databricks vs (Snowflake) -若手エンジニアがそれぞれの強みと違いを比較してみた- "A Young Engineer's Comparison of Their Strengths and Differences"
Avatar for 大竹礼二(REIJI OTAKE) reireireijinjin6
1
130
AIコーディングの最前線 〜活用のコツと課題〜
Avatar for PharmaX(旧YOJO Technologies)開発チーム pharma_x_tech
4
2.9k
2025-04-14 Data & Analytics 井戸端会議 Multi tenant log platform with Iceberg
Avatar for kamijin_fanta kamijin_fanta
0
180
Cross Data Platforms Meetup LT 20250422
Avatar for タロウ tarotaro0129
1
920
LT Slide 2025-04-22
Avatar for Shigeki Shoji takesection
0
110
ペアーズにおける評価ドリブンな AI Agent 開発のご紹介
Avatar for fukubaka0825 fukubaka0825
8
2.1k
QA/SDETの現在と、これからの挑戦
Avatar for imtnd imtnd
0
220
ドキュメント管理の理想と現実
Avatar for Ohara Kazuhiro kazuhe
3
310
10ヶ月かけてstyled-components v4からv5にアップデートした話
Avatar for uhyo uhyo
5
450
日経電子版 for Android の技術的課題と取り組み(令和最新版)/android-20250423
Avatar for 日本経済新聞社 エンジニア採用事務局 nikkei_engineer_recruiting
1
610
白金鉱業Meetup_Vol.18_生成AIはデータサイエンティストを代替するのか?
Avatar for BrainPad brainpadpr
4
220

Featured

See All Featured
VelocityConf: Rendering Performance Case Studies
Avatar for Addy Osmani addyosmani
329
24k
jQuery: Nuts, Bolts and Bling
Avatar for Doug Neiner dougneiner
63
7.7k
Building Adaptive Systems
Avatar for Chris Keathley keathley
41
2.5k
Principles of Awesome APIs and How to Build Them.
Avatar for Keavy McMinn keavy
126
17k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
68
11k
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.2k
BBQ
Avatar for Matthew Crist matthewcrist
88
9.6k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
245
12k
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
462
33k
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
29
9.4k
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
5.5k
Become a Pro
Avatar for Speaker Deck speakerdeck
PRO
28
5.3k

Transcript

  1. PRIVACY & SECURITY IN FIREFOX QUANTUM

  2. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸

    (more) Tor anti-fingerprinting ▸ site permissions preference

  3. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸

    (more) Tor anti-fingerprinting ▸ site permissions preference

  4. DATA URLS

  5. DATA URLS

  6. DATA URLS

  7. DATA URLS

  8. DATA URLS

  9. DATA:URIS EFFECT(S) ON WEB DEVS ▸ hopefully none ▸ please

    tell me you’re not scripting and embedding data:uris that have to inherit their page context

  10. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸

    (more) Tor anti-fingerprinting ▸ site permissions preference

  11. SANDBOXING

  12. TEXT SANDBOXING ▸ Browser ▸ Web Content ▸ Add-ons ▸

    Media Player ▸ NPAPI ▸ File content ▸ Compositor

  13. SANDBOXING EFFECT(S) ON WEB DEVS ▸ hopefully none ▸ unless

    you’re a Firefox add-on developer too?

  14. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸

    (more) Tor anti-fingerprinting ▸ site permissions preference

  15. contextualIdentities

  16. contextualIdentities

  17. None
  18. None

  19. DEMO! contextualIdentities

  20. contextualIdentities EFFECT(S) ON WEB DEVS ▸ should be none if

    you’re using cookies properly! ▸ Does your site do IP-address cookie-pinning (like GitHub does/did)?

  21. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸

    (more) Tor anti-fingerprinting ▸ site permissions preference

  22. (more) resistFingerprinting (Tor uplift)

  23. None

  24. Video Parsing Timing Attack

  25. Video Parsing Timing Attack

  26. WebGL Fingerprinting http://cseweb.ucsd.edu/~hovav/dist/canvas.pdf

  27. resistFingerprinting TOR UPLIFT EFFECT(S) ON WEB DEVS ▸ minimal -

    it’s not enabled by default (yet) ▸ potentially extensive … ▸ Come to 
 
 


  28. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸

    (more) Tor anti-fingerprinting ▸ site permissions preference
  29. None
  30. None
  31. None
  32. None
  33. None
  34. None
  35. None

  36. SITE PERMISSIONS PREFERENCES EFFECT(S) ON WEB DEVS ▸ ask for

    permissions properly ▸ in response to a user action ▸ in the right context ▸ e.g., push notifications ▸ not on page-load ▸ don’t spam

  37. Pop-up ads = Doing it wrong

  38. https://blog.clevertap.com/app-uninstall-reporting/

  39. Annoying Pop-ups = un-installs

  40. TEXT QUESTIONS? ▸ data urls ▸ sandboxing ▸ contextualIdentities API

    ▸ (more) Tor anti-fingerprinting ▸ site permissions preference