Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Privacy & Security in Firefox Quantum

luke crouch
October 16, 2017
Technology
0
99

Privacy & Security in Firefox Quantum

Short summary of some of the privacy & security fixes, features, and enhancements landing in Firefox 57.

luke crouch

October 16, 2017
Tweet

More Decks by luke crouch

See All by luke crouch
Pigeons to Padlocks: 5000 years of Network Security
groovecoder
0
28
cryptory-up-to-https-atlas-2024.pdf
groovecoder
0
42
Cryptography: 500 BC to https
groovecoder
0
100
Mozilla Observatory First Draft
groovecoder
0
93
VPNs
groovecoder
0
94
Digital Privacy & Security
groovecoder
0
220
Cryptography: 500 BC to Quantum Computing
groovecoder
0
500
Just enough bitcoing to go cryptojacking with JavaScript
groovecoder
0
63
Can we protect Privacy without breaking the web
groovecoder
0
110

Other Decks in Technology

See All in Technology
形式手法の 10 メートル手前 #kernelvm / Kernel VM Study Hokuriku Part 7
ytaka23
5
750
組み込みLinuxの時系列
puhitaku
4
1k
データ活用促進のためのデータ分析基盤の進化
takumakouno
2
470
Microsoft Intune アプリのトラブルシューティング
sophiakunii
1
410
徹底比較!HA Kubernetes ClusterにおけるControl Plane LoadBalancerの選択肢
logica0419
2
140
リンクアンドモチベーション ソフトウェアエンジニア向け紹介資料 / Introduction to Link and Motivation for Software Engineers
lmi
4
300k
Engineering at LY Corporation
lycorp_recruit_jp
0
320
Windows Autopilot Deployment by OSD Guy
tamaiyutaro
0
310
Oracle Cloud World 2024 GoldenGateプラットフォームの戦略について
oracle4engineer
PRO
0
110
隣接領域をBeyondするFinatextのエンジニア組織設計 / beyond-engineering-areas
stajima
1
230
Spring Frameworkの新標準!? ~ RestClientとHTTPインターフェース入門 ~
ogiwarat
2
260
ジョブマッチングサービスにおける相互推薦システムの応用事例と課題
hakubishin3
3
620

Featured

See All Featured
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
46
2.1k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
329
21k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
92
16k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
231
17k
Typedesign – Prime Four
hannesfritz
40
2.4k
[RailsConf 2023] Rails as a piece of cake
palkan
51
4.9k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.7k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
360
Making Projects Easy
brettharned
115
5.9k
Six Lessons from altMBA
skipperchong
27
3.5k
A Modern Web Designer's Workflow
chriscoyier
693
190k
Optimising Largest Contentful Paint
csswizardry
33
2.9k

Transcript

  1. PRIVACY & SECURITY IN FIREFOX QUANTUM

  2. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸

    (more) Tor anti-fingerprinting ▸ site permissions preference

  3. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸

    (more) Tor anti-fingerprinting ▸ site permissions preference

  4. DATA URLS

  5. DATA URLS

  6. DATA URLS

  7. DATA URLS

  8. DATA URLS

  9. DATA:URIS EFFECT(S) ON WEB DEVS ▸ hopefully none ▸ please

    tell me you’re not scripting and embedding data:uris that have to inherit their page context

  10. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸

    (more) Tor anti-fingerprinting ▸ site permissions preference

  11. SANDBOXING

  12. TEXT SANDBOXING ▸ Browser ▸ Web Content ▸ Add-ons ▸

    Media Player ▸ NPAPI ▸ File content ▸ Compositor

  13. SANDBOXING EFFECT(S) ON WEB DEVS ▸ hopefully none ▸ unless

    you’re a Firefox add-on developer too?

  14. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸

    (more) Tor anti-fingerprinting ▸ site permissions preference

  15. contextualIdentities

  16. contextualIdentities

  17. None
  18. None

  19. DEMO! contextualIdentities

  20. contextualIdentities EFFECT(S) ON WEB DEVS ▸ should be none if

    you’re using cookies properly! ▸ Does your site do IP-address cookie-pinning (like GitHub does/did)?

  21. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸

    (more) Tor anti-fingerprinting ▸ site permissions preference

  22. (more) resistFingerprinting (Tor uplift)

  23. None

  24. Video Parsing Timing Attack

  25. Video Parsing Timing Attack

  26. WebGL Fingerprinting http://cseweb.ucsd.edu/~hovav/dist/canvas.pdf

  27. resistFingerprinting TOR UPLIFT EFFECT(S) ON WEB DEVS ▸ minimal -

    it’s not enabled by default (yet) ▸ potentially extensive … ▸ Come to 
 
 


  28. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸

    (more) Tor anti-fingerprinting ▸ site permissions preference
  29. None
  30. None
  31. None
  32. None
  33. None
  34. None
  35. None

  36. SITE PERMISSIONS PREFERENCES EFFECT(S) ON WEB DEVS ▸ ask for

    permissions properly ▸ in response to a user action ▸ in the right context ▸ e.g., push notifications ▸ not on page-load ▸ don’t spam

  37. Pop-up ads = Doing it wrong

  38. https://blog.clevertap.com/app-uninstall-reporting/

  39. Annoying Pop-ups = un-installs

  40. TEXT QUESTIONS? ▸ data urls ▸ sandboxing ▸ contextualIdentities API

    ▸ (more) Tor anti-fingerprinting ▸ site permissions preference