audit iceweasel config
Done
Almost everything, as long as we use an up to date Torbutton: Mike Perry, the torbutton maintainer, has a pretty good idea of what he’s doing.
TODO
browser fingerprinting
See the Panopticlick tool, by the EFF, for fingerprinting tests and stats.
For information about the relative protection torbutton offers against this kind of leak, see
- the fingerprinting section of the Torbutton design document
- the post on the Tor blog. story that began with questions about torbutton vs private browsing mode (see this blog post on torproject and started discussions inside mozilla project.
- this thread on or-talk
Check Tails User Agent settings:
- can Torbutton update them?
- do we lighten Torbutton’s protection in any way? if so, shall we go
on doing this? e.g.
- do we set a custom or localized timezone, instead of Torbutton’s default (GMT)?
- do we send custom or localized preferred languages for Content Negotiation?
The devel branch now enables Torbutton’s US English locale spoofing.
Firefox 3.5 or later
- turn off geolocation from the beginning in the browser preferences. New versions of Torbutton disable geolocation, but only when Torbutton is in "enabled" mode
- It may also be a good idea to disable prefetching.
Parent Task: #5769
Original created by @tails on 6118 (Redmine)