audit iceweasel config

Done

Almost everything, as long as we use an up to date Torbutton: Mike Perry, the torbutton maintainer, has a pretty good idea of what he’s doing.

TODO

browser fingerprinting

See the Panopticlick tool, by the EFF, for fingerprinting tests and stats.

For information about the relative protection torbutton offers against this kind of leak, see

• the fingerprinting section of the Torbutton design document
• the post on the Tor blog. story that began with questions about torbutton vs private browsing mode (see this blog post on torproject and started discussions inside mozilla project.
• this thread on or-talk

Check Tails User Agent settings:

• can Torbutton update them?
• do we lighten Torbutton’s protection in any way? if so, shall we go on doing this? e.g.
  • do we set a custom or localized timezone, instead of Torbutton’s default (GMT)?
  • do we send custom or localized preferred languages for Content Negotiation?

The devel branch now enables Torbutton’s US English locale spoofing.

Firefox 3.5 or later

• turn off geolocation from the beginning in the browser preferences. New versions of Torbutton disable geolocation, but only when Torbutton is in "enabled" mode
• It may also be a good idea to disable prefetching.

Parent Task: #5769

Original created by @tails on 6118 (Redmine)