Privacy & Security in Firefox Quantum

Short summary of some of the privacy & security fixes, features, and enhancements landing in Firefox 57.

luke crouch

October 16, 2017

Transcript

  1. PRIVACY & SECURITY IN FIREFOX QUANTUM

  2. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸ (more) Tor anti-fingerprinting ▸ site permissions preference
  3. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸ (more) Tor anti-fingerprinting ▸ site permissions preference
  4. DATA URLS

  5. DATA URLS

  6. DATA URLS

  7. DATA URLS

  8. DATA URLS

  9. DATA:URIS EFFECT(S) ON WEB DEVS ▸ hopefully none ▸ please tell me you’re not scripting and embedding data:uris that have to inherit their page context
  10. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸ (more) Tor anti-fingerprinting ▸ site permissions preference
  11. SANDBOXING

  12. TEXT SANDBOXING ▸ Browser ▸ Web Content ▸ Add-ons ▸ Media Player ▸ NPAPI ▸ File content ▸ Compositor
  13. SANDBOXING EFFECT(S) ON WEB DEVS ▸ hopefully none ▸ unless you’re a Firefox add-on developer too?
  14. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸ (more) Tor anti-fingerprinting ▸ site permissions preference
  15. contextualIdentities

  16. contextualIdentities

  17. None
  18. None
  19. DEMO! contextualIdentities

  20. contextualIdentities EFFECT(S) ON WEB DEVS ▸ should be none if you’re using cookies properly! ▸ Does your site do IP-address cookie-pinning (like GitHub does/did)?
  21. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸ (more) Tor anti-fingerprinting ▸ site permissions preference
  22. (more) resistFingerprinting (Tor uplift)

  23. None
  24. Video Parsing Timing Attack

  25. Video Parsing Timing Attack

  26. WebGL Fingerprinting http://cseweb.ucsd.edu/~hovav/dist/canvas.pdf

  27. resistFingerprinting TOR UPLIFT EFFECT(S) ON WEB DEVS ▸ minimal - it’s not enabled by default (yet) ▸ potentially extensive … ▸ Come to

  28. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸ (more) Tor anti-fingerprinting ▸ site permissions preference
  29. None
  30. None
  31. None
  32. None
  33. None
  34. None
  35. None
  36. SITE PERMISSIONS PREFERENCES EFFECT(S) ON WEB DEVS ▸ ask for permissions properly ▸ in response to a user action ▸ in the right context ▸ e.g., push notifications ▸ not on page-load ▸ don’t spam
  37. Pop-up ads = Doing it wrong

  38. https://blog.clevertap.com/app-uninstall-reporting/

  39. Annoying Pop-ups = un-installs

  40. TEXT QUESTIONS? ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸ (more) Tor anti-fingerprinting ▸ site permissions preference