Originally Posted by MrAlex
Hey guys, so thought I might give you a heads up on what I've been working on for the last few months. The ideas for this actually started around the time Storm was released last year, but in typical start-up fashion it was managed really badly and ended up failing. The ideas, on the other hand, were still good, so I'm going to go at this solo and would appreciate any feedback.
- Try and eliminate or minimise as much as possible browser fingerprinting (by utilising Tor button)
- Switch to compilation with mingw-w64 and Clang which would mean making Windows builds on Linux, which would allow me to utilise Gitian as well as faster build times :-)
- Set up SSH servers and offer SSH tunneling to them (essentially as an alternative to VPN/Tor routing, but this may be quite difficult to do... I'll have to think of a way to prove that the SSH servers aren't logging anything/collecting anything, possibly by using Gitian, and it depends if people even want this)
- Bring this to iOS/Android
Am I missing anything? Any other suggestions would be appreciated!
One thing you might be interested in is letting people know about the CanvasBlocker extension:
Pale Moon implements something like this natively, but Waterfox should be fine with the extension since it's a build off the latest codebase.
I definitely applaud your pro-privacy stance here, and would again request that you include an installation option allowing users to granularly pick which about:config privacy settings they'd like enabled, e.g.
Disable network prefetch and speculative loading?
Change default search engine to (list of engines e.g. DuckDuckGo, etc)
and then something like "the recommended defaults have been pre-selected"
(I know I originally suggested just one checkbox here, but people should have more flexibility in picking and choosing, I think.)
I've also seen repeated complaints that Firefox doesn't run like Chrome or even IE does, which is to purposely run with reduced permissions regarding the filesystem so an exploit can't affect system files.
I don't know if you can "harden" WF at all regarding blocking access to critical system files by making Windows run WF with reduced privileges, but if it's possible, that would be a great defence in depth.
I know WF allows unsigned add-ons to be installed, but maybe a warning message to a user as a mild defence in depth would be in order: "The extension you want to install is not signed. Proceed anyway? Y/N"
Edited by Quantum Reality - 10/12/16 at 10:44am