docs/torbutton/en/design/CHROME_NOTES (1b97e4b0e) - tor-webwml.git

1b97e4b0e6ad500651709b419d0fd3aa0245206d

Andrew Lewman authored 13 years ago

torbutton/en/design/CHROME_NOTES   1) - Investigation of Privacy Mode:
torbutton/en/design/CHROME_NOTES   2)   - Good:
torbutton/en/design/CHROME_NOTES   3)     - Cookies Cleared+memory only
torbutton/en/design/CHROME_NOTES   4)     - Cache cleared and memory-only
torbutton/en/design/CHROME_NOTES   5)     - History not available via javascript or CSS
torbutton/en/design/CHROME_NOTES   6)     - Safe because currently unsupported:
torbutton/en/design/CHROME_NOTES   7)       - Geolocation not supported in browser
torbutton/en/design/CHROME_NOTES   8)       - DOM Storage not supported
torbutton/en/design/CHROME_NOTES   9)       - HTML5 Storage not supported
torbutton/en/design/CHROME_NOTES  10)     - Http auth is cleared
torbutton/en/design/CHROME_NOTES  11)     - Do they have a session store?
torbutton/en/design/CHROME_NOTES  12)       - Yes. It is disabled.
torbutton/en/design/CHROME_NOTES  13)     - Form history disabled
torbutton/en/design/CHROME_NOTES  14)       - But non-private entries still available
torbutton/en/design/CHROME_NOTES  15)     - Malware and phishing protection
torbutton/en/design/CHROME_NOTES  16)       - Per-url check?
torbutton/en/design/CHROME_NOTES  17)         - Doesn't seem like it..
torbutton/en/design/CHROME_NOTES  18)   - Bad:
torbutton/en/design/CHROME_NOTES  19)     - RLZ Identifier sent with all queries even in Incognito mode
torbutton/en/design/CHROME_NOTES  20)       - http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=107684
torbutton/en/design/CHROME_NOTES  21)     - Flash cookies not cleared
torbutton/en/design/CHROME_NOTES  22)     - Google gears are still available
torbutton/en/design/CHROME_NOTES  23)       - Do they have their own storage?
torbutton/en/design/CHROME_NOTES  24)         - Yes. Completely ignores private mode.
torbutton/en/design/CHROME_NOTES  25)     - Safebrowsing API key not cleared?
torbutton/en/design/CHROME_NOTES  26)       - but updates may not happen "under" the incognito window
torbutton/en/design/CHROME_NOTES  27)     - Desktop resolution available
torbutton/en/design/CHROME_NOTES  28)     - Browser resolution is available
torbutton/en/design/CHROME_NOTES  29)     - SSL session keys
torbutton/en/design/CHROME_NOTES  30)       - Not cleared!
torbutton/en/design/CHROME_NOTES  31)       - They clear trusted certs tho
torbutton/en/design/CHROME_NOTES  32)     - Timezone not spoofed
torbutton/en/design/CHROME_NOTES  33) 
torbutton/en/design/CHROME_NOTES  34) - Misc Features we definitely need:
torbutton/en/design/CHROME_NOTES  35)   - Incognito-specific proxy settings
torbutton/en/design/CHROME_NOTES  36)     - Browser proxy settings currently do not apply immediately
torbutton/en/design/CHROME_NOTES  37)   - Plugin enable/disable controls
torbutton/en/design/CHROME_NOTES  38)   - Spoof user agent
torbutton/en/design/CHROME_NOTES  39)   - Referer alteration API
torbutton/en/design/CHROME_NOTES  40)   - Autolaunching of remote apps needs to be disabled
torbutton/en/design/CHROME_NOTES  41)   - API to opt-out of all the opt-in tracking for incognito mode
torbutton/en/design/CHROME_NOTES  42)   - Cookie API would be nice
torbutton/en/design/CHROME_NOTES  43)   - Need network.security.ports.banned
torbutton/en/design/CHROME_NOTES  44)     - http://www.remote.org/jochen/sec/hfpa/hfpa.pdf
torbutton/en/design/CHROME_NOTES  45)   - Resize windows (content-window side possibly ok)
torbutton/en/design/CHROME_NOTES  46) 
torbutton/en/design/CHROME_NOTES  47) - Future investigation
torbutton/en/design/CHROME_NOTES  48)   - Non-private form history still available
torbutton/en/design/CHROME_NOTES  49)     - Forms seem to not be auto-filled, but this may be different
torbutton/en/design/CHROME_NOTES  50)       for some fields?
torbutton/en/design/CHROME_NOTES  51)   - How evil is google update? will it happen over incognito?
torbutton/en/design/CHROME_NOTES  52)     - http://en.wikipedia.org/wiki/Google_Updater#Google_Updater
torbutton/en/design/CHROME_NOTES  53)     - http://en.wikipedia.org/wiki/SRWare_Iron#Differences_from_Chrome
torbutton/en/design/CHROME_NOTES  54)     - http://foliovision.com/2008/12/09/adwords-ppc-organic-rlz/
torbutton/en/design/CHROME_NOTES  55)   - Test in more detail with sysinternals for disk writes
torbutton/en/design/CHROME_NOTES  56)   - What about safebrowsing requests? Can they bypass proxy?
torbutton/en/design/CHROME_NOTES  57)   - Video tag supports H264 and ogg via ffmpeg
torbutton/en/design/CHROME_NOTES  58)     - Hrmm.. proxy bypass ability?
torbutton/en/design/CHROME_NOTES  59) 
torbutton/en/design/CHROME_NOTES  60) - Test results. Used Incognito Mode with the test suites from:

migrate the files to the ri...

Andrew Lewman authored 13 years ago

torbutton/en/design/CHROME_NOTES  61)   https://www.torproject.org/torbutton/design/#SingleStateTesting