Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Privacy & Security in Firefox Quantum

luke crouch
October 16, 2017
Technology
0
90

Privacy & Security in Firefox Quantum

Short summary of some of the privacy & security fixes, features, and enhancements landing in Firefox 57.

luke crouch

October 16, 2017
Tweet

More Decks by luke crouch

See All by luke crouch
cryptory-up-to-https-atlas-2024.pdf
groovecoder
0
22
Cryptography: 500 BC to https
groovecoder
0
75
Mozilla Observatory First Draft
groovecoder
0
77
VPNs
groovecoder
0
64
Digital Privacy & Security
groovecoder
0
220
Cryptography: 500 BC to Quantum Computing
groovecoder
0
350
Just enough bitcoing to go cryptojacking with JavaScript
groovecoder
0
56
Can we protect Privacy without breaking the web
groovecoder
0
110
Hash Range Queries
groovecoder
0
68

Other Decks in Technology

See All in Technology
自己改善からチームを動かす! 「セルフエンジニアリングマネージャー」のすゝめ
shoota
6
310
Next'24 事例セッションの紹介とクラウド資格を活用したキャリア形成について語りMuscle
yasumuusan
1
430
20240416_devopsdaystokyo
kzkmaeda
1
220
Postman v10リリース後を振り返る / Looking back at Postman v10 after release
yokawasa
1
160
日本におけるデータエンジニアリングのこれまでとこれから
foursue
16
4.2k
MLOpsの「壁」を乗り越える、LINEヤフーの Data Quality as Code
lycorptech_jp
PRO
5
450
ゼロから始めるVue.jsコミュニティ貢献 / first-vuejs-community-contribution-link-and-motivation
lmi
1
120
Google Cloud Next '24でブログを10本書いた方法と勉強会を沸かせた方法
yasumuusan
0
290
[新卒向け研修資料] テスト文字列に「うんこ」と入れるな(2024年版)
infiniteloop_inc
2
10k
JSON攻略法.pdf
miyakemito
8
4.9k
エンジニア候補者向け資料2024.04.24.pdf
macloud
0
3.3k
長期間TiDBを使ってきた話 @ 私たちはなぜNewSQLを使うのかTiDB選定5社が語る選定理由と活用LT / Experiences with TiDB Over Time
chibiegg
2
880

Featured

See All Featured
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
244
20k
YesSQL, Process and Tooling at Scale
rocio
164
13k
Fireside Chat
paigeccino
21
2.6k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
125
32k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
226
51k
Into the Great Unknown - MozCon
thekraken
10
990
What's new in Ruby 2.0
geeforr
337
31k
Building Flexible Design Systems
yeseniaperezcruz
319
37k
Code Reviewing Like a Champion
maltzj
514
39k
Infographics Made Easy
chrislema
238
18k
Producing Creativity
orderedlist
PRO
337
39k
How to train your dragon (web standard)
notwaldorf
73
5.2k

Transcript

  1. PRIVACY & SECURITY IN FIREFOX QUANTUM

  2. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸

    (more) Tor anti-fingerprinting ▸ site permissions preference

  3. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸

    (more) Tor anti-fingerprinting ▸ site permissions preference

  4. DATA URLS

  5. DATA URLS

  6. DATA URLS

  7. DATA URLS

  8. DATA URLS

  9. DATA:URIS EFFECT(S) ON WEB DEVS ▸ hopefully none ▸ please

    tell me you’re not scripting and embedding data:uris that have to inherit their page context

  10. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸

    (more) Tor anti-fingerprinting ▸ site permissions preference

  11. SANDBOXING

  12. TEXT SANDBOXING ▸ Browser ▸ Web Content ▸ Add-ons ▸

    Media Player ▸ NPAPI ▸ File content ▸ Compositor

  13. SANDBOXING EFFECT(S) ON WEB DEVS ▸ hopefully none ▸ unless

    you’re a Firefox add-on developer too?

  14. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸

    (more) Tor anti-fingerprinting ▸ site permissions preference

  15. contextualIdentities

  16. contextualIdentities

  17. None
  18. None

  19. DEMO! contextualIdentities

  20. contextualIdentities EFFECT(S) ON WEB DEVS ▸ should be none if

    you’re using cookies properly! ▸ Does your site do IP-address cookie-pinning (like GitHub does/did)?

  21. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸

    (more) Tor anti-fingerprinting ▸ site permissions preference

  22. (more) resistFingerprinting (Tor uplift)

  23. None

  24. Video Parsing Timing Attack

  25. Video Parsing Timing Attack

  26. WebGL Fingerprinting http://cseweb.ucsd.edu/~hovav/dist/canvas.pdf

  27. resistFingerprinting TOR UPLIFT EFFECT(S) ON WEB DEVS ▸ minimal -

    it’s not enabled by default (yet) ▸ potentially extensive … ▸ Come to 
 
 


  28. TEXT ▸ data urls ▸ sandboxing ▸ contextualIdentities API ▸

    (more) Tor anti-fingerprinting ▸ site permissions preference
  29. None
  30. None
  31. None
  32. None
  33. None
  34. None
  35. None

  36. SITE PERMISSIONS PREFERENCES EFFECT(S) ON WEB DEVS ▸ ask for

    permissions properly ▸ in response to a user action ▸ in the right context ▸ e.g., push notifications ▸ not on page-load ▸ don’t spam

  37. Pop-up ads = Doing it wrong

  38. https://blog.clevertap.com/app-uninstall-reporting/

  39. Annoying Pop-ups = un-installs

  40. TEXT QUESTIONS? ▸ data urls ▸ sandboxing ▸ contextualIdentities API

    ▸ (more) Tor anti-fingerprinting ▸ site permissions preference