Modify abrowser to have privacy features included (enable "do not track; disable location-aware browsing)

Proxecto:Trisquel
Versión:6.0
Componente:Programs
Categoría:solicitude de mellora
Prioridade:normal
Asignado:SirGrant
Estado:closed
Descrición

Description: Abrowser should change firefox's default settings concerning two privacy features:

  1. Location-Aware Browsing
  2. Do Not Track

Recomendation:

  1. Disable Location-Aware Browsing which tells websites where you are located geographically.
  2. Enable "Do Not Track" http header telling websites not to track this user.

Process: In about:config:

  1. privacy.donottrackheader.enabled should be set to "true"
  2. geo.enabled should be set to "false"
Mar, 10/23/2012 - 18:59

Additional privacy add-on. We could include the HTTPS Everywhere extension by default.

Mar, 10/23/2012 - 19:33

I mostly agree with changing the original settings (and this even knowing that I prefer a vanilla application over a modified one), but I don't think that adding add-ons to the original Abrowser from Trisquel would be a good idea, and I think that, anyone who tested IceCat will agree with me (just to say that IceCat comes with at least 4 add-ons pre-installed).

Mér, 10/24/2012 - 20:28

I think adding HTTPS Everywhere would be awesome. Too much users are unaware of security problems in browsing the internet; it should at least prevent them from some danger. Also, there are only few sites with problems with that add-on, and EFF updates it regularly. Even if it didn't, it's easy to disable HTTPS for a site in particular.

Probably, adding NoScript – https://addons.mozilla.org/en-US/firefox/addon/noscript/ – would be great for security reasons too. Perhaps it would be nice to enable javascript everywhere, since those "unaware users" would find the blocking annoying if it just appeared :-) NoScript provides many improvements in security beyond JavaScript blocking, such as automatic protecting of cookies in HTTPS connections, defense against XSS attacks and clickjacking...

Beyond that, wasn't there something about adding LibreJS – https://gnu.org/software/librejs/ – to Abrowser?

As aliasbody said, there could be problems in "embedding" too much add-ons. I would stop by those three.

The first two add-ons I mentioned (HTTPS Everywhere and NoScript) get updates more regularly than Firefox; I don't think it would be necessary to re-launch Abrowser that often to keep them updated by default, though: with automatic add-on updating, not to much to care about :-)

Sáb, 09/07/2013 - 19:35
Versión:» 6.0
Estado:active» patch (needs work)

According to this commit do not track header is enabled. What about disabling geolocation?

Dom, 09/08/2013 - 03:07

Geolocation requires the user to accept giving the information to the server, so it should not be a privacy issue.

You can test the feature at http://channy.creation.net/project/firefox/geolocation.html#

What we should do is fix the url, making it point to a page in our wiki focused on privacy.

Dom, 09/08/2013 - 08:39

I'm not sure if enabling DNT by default is such a good idea, for two reasons:

1. Many DNT proponents are encouraging browsers to NOT set it by default or to allow the user to choose, or it ruins the point of it (besides large corps, a lot of people are anti-tracking anyway).

2. DNT increases the brower fingerprint (see "Panopticlick").

Dom, 09/08/2013 - 18:58

I thought geolocation was enabled by default. If it is really opt-in then I don't see an issue.

Edit: Nevermind, it is opt-in (see last question)

Mér, 10/02/2013 - 00:49
Estado:patch (needs work)» needs more info

DNT is now enabled by default in Abrowser 24 (see gitweb).

Mér, 12/25/2013 - 18:55
Estado:needs more info» fixed
Mér, 01/08/2014 - 19:00
Estado:fixed» closed

Automatically closed -- issue fixed for 2 weeks with no activity.