From unknown Sat Sep 20 08:01:35 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#52236 <52236@debbugs.gnu.org> To: bug#52236 <52236@debbugs.gnu.org> Subject: Status: PRIVACY: Integrate arkenfox for icecat configuration Reply-To: bug#52236 <52236@debbugs.gnu.org> Date: Sat, 20 Sep 2025 15:01:35 +0000 retitle 52236 PRIVACY: Integrate arkenfox for icecat configuration reassign 52236 guix submitter 52236 Jacob Hrbek severity 52236 normal thanks From debbugs-submit-bounces@debbugs.gnu.org Wed Dec 01 22:58:49 2021 Received: (at submit) by debbugs.gnu.org; 2 Dec 2021 03:58:49 +0000 Received: from localhost ([127.0.0.1]:46225 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1msdFB-0004NB-Ka for submit@debbugs.gnu.org; Wed, 01 Dec 2021 22:58:49 -0500 Received: from lists.gnu.org ([209.51.188.17]:55194) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1msdF9-0004N2-VO for submit@debbugs.gnu.org; Wed, 01 Dec 2021 22:58:48 -0500 Received: from eggs.gnu.org ([209.51.188.92]:56060) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1msdF9-0008Bo-0O for bug-guix@gnu.org; Wed, 01 Dec 2021 22:58:47 -0500 Received: from mail-40136.proton.ch ([185.70.40.136]:32610) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1msdF6-0006ZT-9q for bug-guix@gnu.org; Wed, 01 Dec 2021 22:58:46 -0500 Date: Thu, 02 Dec 2021 03:58:39 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rixotstudio.cz; s=protonmail2; t=1638417519; bh=adiTIKnA6yjl7d4PWVIkxbAqmEcriUP0fgGgrWtXV2Y=; h=Date:To:From:Reply-To:Subject:From; b=j7n2ZcqfzXW96OGz4CXbRXc4OdH6DvF3J1+LM3oDggDS8bV7ct8yX8pIxsh8BdNCo YBBE/L3eBXLBdpJddFAUnAo1TOxtvOoRkiVdPEVgdWOlyace9JgJtxNKSoS8WrePH6 oFecOme0LNpOpTfjPKfhqrnsGkyB/MNeyV9duE7PEHmM+MIZUB0DGs6EsvIXQe6zl3 XL87hyvVtQvnZL4ftpYAfusjowFHYto/rx9IgbesKo/CKBmPiq0ZB0ZYZJmS/e7RbK iRURrra8ahoWkCqHn3Dyw/ca3Umawwdts0SRNI4Jcr3IbxWLGZeq3hYJqQewnr/CGK jIdjBgA4D5byw== To: "bug-guix@gnu.org" From: Jacob Hrbek Subject: PRIVACY: Integrate arkenfox for icecat configuration Message-ID: MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha512; boundary="------dfe98a77b2d0929538e0a24398b177bedf73cd240defc22dc0b2061e81137578"; charset=utf-8 X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HTML_MESSAGE shortcircuit=no autolearn=disabled version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mailout.protonmail.ch Received-SPF: pass client-ip=185.70.40.136; envelope-from=kreyren@rixotstudio.cz; helo=mail-40136.proton.ch X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Jacob Hrbek Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------dfe98a77b2d0929538e0a24398b177bedf73cd240defc22dc0b2061e81137578 Content-Type: multipart/mixed;boundary=---------------------0b100a8c69adb0859ac1a91228d356d5 -----------------------0b100a8c69adb0859ac1a91228d356d5 Content-Type: multipart/alternative;boundary=---------------------76794aad0c36aa69ba04393b848a69bb -----------------------76794aad0c36aa69ba04393b848a69bb Content-Transfer-Encoding: quoted-printable Content-Type: text/plain;charset=utf-8 Arkenfox is a community maintained u= ser.js file used for browser hardening. Proposing to implement it's configuration in GNU Guix's IceCat mainly: - geo.provider.network.uri (it's pinging google servers currently) - Actual disabling of WebRTC - Clearing on re-start (privacy.clearOnShutdown.*) - toolkit.telemetry.enable =3D false instead of forced true - etc.. Additional configuration should be defined in guix-home with sane default = so that the browser can be a sufficient replacement for Tor Browser Bundle= . -- Jacob "Kreyren" Hrbek Sent with ProtonMail Secure Email. -----------------------76794aad0c36aa69ba04393b848a69bb Content-Type: multipart/related;boundary=---------------------2a395bcba469a1bf0d8904b5a555441c -----------------------2a395bcba469a1bf0d8904b5a555441c Content-Type: text/html;charset=utf-8 Content-Transfer-Encoding: base64 PGRpdj5BcmtlbmZveCAmbHQ7PGEgaHJlZj0iaHR0cHM6Ly9naXRodWIuY29tL2Fya2VuZm94L3Vz ZXIuanMiPmh0dHBzOi8vZ2l0aHViLmNvbS9hcmtlbmZveC91c2VyLmpzPC9hPiZndDsgaXMgYSBj b21tdW5pdHkgbWFpbnRhaW5lZCB1c2VyLmpzIGZpbGUgdXNlZCBmb3IgYnJvd3NlciBoYXJkZW5p bmcuIDxicj48YnI+UHJvcG9zaW5nIHRvIGltcGxlbWVudCBpdCdzIGNvbmZpZ3VyYXRpb24gaW4g R05VIEd1aXgncyBJY2VDYXQgbWFpbmx5Ojxicj4tIGdlby5wcm92aWRlci5uZXR3b3JrLnVyaSAo aXQncyBwaW5naW5nIGdvb2dsZSBzZXJ2ZXJzIGN1cnJlbnRseSk8YnI+LSBBY3R1YWwgZGlzYWJs aW5nIG9mIFdlYlJUQzxicj4tIENsZWFyaW5nIG9uIHJlLXN0YXJ0IChwcml2YWN5LmNsZWFyT25T aHV0ZG93bi4qKTxicj4tIHRvb2xraXQudGVsZW1ldHJ5LmVuYWJsZSA9IGZhbHNlIGluc3RlYWQg b2YgZm9yY2VkIHRydWU8YnI+LSBldGMuLjxicj48YnI+QWRkaXRpb25hbCBjb25maWd1cmF0aW9u IHNob3VsZCBiZSBkZWZpbmVkIGluIGd1aXgtaG9tZSB3aXRoIHNhbmUgZGVmYXVsdCBzbyB0aGF0 IHRoZSBicm93c2VyIGNhbiBiZSBhIHN1ZmZpY2llbnQgcmVwbGFjZW1lbnQgZm9yIFRvciBCcm93 c2VyIEJ1bmRsZS48YnI+PC9kaXY+PGRpdj48YnI+PC9kaXY+PGRpdiBjbGFzcz0icHJvdG9ubWFp bF9zaWduYXR1cmVfYmxvY2siPjxkaXYgY2xhc3M9InByb3Rvbm1haWxfc2lnbmF0dXJlX2Jsb2Nr LXVzZXIiPjxkaXY+LS0gSmFjb2IgIktyZXlyZW4iIEhyYmVrPGJyPjwvZGl2PjwvZGl2PjxkaXY+ PGJyPjwvZGl2PjxkaXYgY2xhc3M9InByb3Rvbm1haWxfc2lnbmF0dXJlX2Jsb2NrLXByb3RvbiI+ U2VudCB3aXRoIDxhIHJlbD0ibm9vcGVuZXIgbm9yZWZlcnJlciIgaHJlZj0iaHR0cHM6Ly9wcm90 b25tYWlsLmNvbS8iIHRhcmdldD0iX2JsYW5rIj5Qcm90b25NYWlsPC9hPiBTZWN1cmUgRW1haWwu PC9kaXY+PC9kaXY+PGRpdj48YnI+PC9kaXY+ -----------------------2a395bcba469a1bf0d8904b5a555441c-- -----------------------76794aad0c36aa69ba04393b848a69bb-- -----------------------0b100a8c69adb0859ac1a91228d356d5 Content-Type: application/pgp-keys; filename="publickey - kreyren@rixotstudio.cz - 0x1677DB82.asc"; name="publickey - kreyren@rixotstudio.cz - 0x1677DB82.asc" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="publickey - kreyren@rixotstudio.cz - 0x1677DB82.asc"; name="publickey - kreyren@rixotstudio.cz - 0x1677DB82.asc" LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tDQpWZXJzaW9uOiBPcGVuUEdQLmpz IHY0LjEwLjEwDQpDb21tZW50OiBodHRwczovL29wZW5wZ3Bqcy5vcmcNCg0KeGpNRVlBbDNGaFlK S3dZQkJBSGFSdzhCQVFkQVFLQXBtZFI4dEc5YUtFZHh3SEovWktPMkN2Wk1SV1B0DQpCTk5HcUpV aHAyTE5MMnR5WlhseVpXNUFjbWw0YjNSemRIVmthVzh1WTNvZ1BHdHlaWGx5Wlc1QWNtbDQNCmIz UnpkSFZrYVc4dVkzbyt3bzhFRUJZS0FDQUZBbUFKZHhZR0N3a0hDQU1DQkJVSUNnSUVGZ0lCQUFJ Wg0KQVFJYkF3SWVBUUFoQ1JDdDAzMFVxMEw4cVJZaEJCWjMyNEtUaktobGM0RWpCNjNUZlJTclF2 eXA1N1FBDQovMHRsYmRuQ0l6cmVLWG12VzJYU1lYekFKb3RKZHhDekUrWEFUTStxUERLekFRQ2Ni SHA3eXc2K0FybmcNCmVTdEdGbi9vbGh4VFBkcHU2NDFDTEdpZ1BtRW9CYzQ0QkdBSmR4WVNDaXNH QVFRQmwxVUJCUUVCQjBEYQ0KaUkzalFmU29pM0RaNC9OZm14R2RzUnN2OS9CcU1nVzVqNmpkQnFr eUlBTUJDQWZDZUFRWUZnZ0FDUVVDDQpZQWwzRmdJYkRBQWhDUkN0MDMwVXEwTDhxUlloQkJaMzI0 S1RqS2hsYzRFakI2M1RmUlNyUXZ5cEhjRUINCkFPUXhTL0ovVU0wZWU4azJqYmxpV2QvUTBJZCtY OFVIQlhoeXFWUmMyMnFyQVFETEhjVzk3V1FiU0pGbw0KMTlrd3Q3ME95SGVwRjZMV3BERDBQdUlT WkQ2SUNnPT0NCj05a1pnDQotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tDQo= -----------------------0b100a8c69adb0859ac1a91228d356d5-- --------dfe98a77b2d0929538e0a24398b177bedf73cd240defc22dc0b2061e81137578 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: ProtonMail wnUEARYKAAYFAmGoRF4AIQkQrdN9FKtC/KkWIQQWd9uCk4yoZXOBIwet030U q0L8qambAP0Vl/ln5zy3UU/O4liiR+x16Fomb47tQh+EkLJmTgMRHAD/SBdw 8fUrFF7eR2MJe7vo3c6s3+MInvxjbXRWPe1LcwU= =JSXX -----END PGP SIGNATURE----- --------dfe98a77b2d0929538e0a24398b177bedf73cd240defc22dc0b2061e81137578-- From debbugs-submit-bounces@debbugs.gnu.org Thu Dec 02 10:50:11 2021 Received: (at 52236) by debbugs.gnu.org; 2 Dec 2021 15:50:11 +0000 Received: from localhost ([127.0.0.1]:48979 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1msoLa-0001dk-OD for submit@debbugs.gnu.org; Thu, 02 Dec 2021 10:50:11 -0500 Received: from albert.telenet-ops.be ([195.130.137.90]:36034) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1msoLY-0001db-I5 for 52236@debbugs.gnu.org; Thu, 02 Dec 2021 10:50:09 -0500 Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a]) by albert.telenet-ops.be with bizsmtp id RTq62600Z4UW6Th06Tq6hx; Thu, 02 Dec 2021 16:50:06 +0100 Message-ID: Subject: Re: bug#52236: PRIVACY: Integrate arkenfox for icecat configuration From: Maxime Devos To: Jacob Hrbek , 52236@debbugs.gnu.org Date: Thu, 02 Dec 2021 15:50:05 +0000 In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21; t=1638460207; bh=dS15ymQDGcFWbNBPxGzZg2ObgQMqkv1evJf8AlAVw94=; h=Subject:From:To:Date:In-Reply-To:References; b=q3+nFky0fvXoSaugbocYGgBzror41PFv+kKDxoWODm8Ng9thr4V8FX9E5Ejxezwey iDxV1D/H+/iCFKsvCAehxxmbkxkhYVghwUBKNDKV8tJNDFqFx1sA+0eo/z6roLo70W WFqhwVKp5icXlXcihGRq6oAxtwAfAsy9h7yr6oFpIA+0/cnCipG06DQPicFuRtMEUl /Ws+xFgaMwdDf8ahD8qMt9aDcPJ1uTV8vf05Cg0NEG50y0lpwCW2HCMu8NVuQdqGDC 7sQsXQKweBKJ2gxiivsuLzKzsXZDrKNrgNtndOlx4nLsTJ9AM2rkp4GhNPxqggZ9Tw EbUIxwnwGxmbQ== X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 52236 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) Jacob Hrbek schreef op do 02-12-2021 om 03:58 [+0000]: > Arkenfox is a community > maintained user.js file used for browser hardening. > > Proposing to implement it's configuration in GNU Guix's IceCat > mainly: [...] These things might be useful, but wouldn't IceCat's mailing lists be more appropriate for suggesting different configuration defaults? (See https://www.gnu.org/software/gnuzilla/ for the mailing lists of IceCat and other GNUzilla software.) > Additional configuration should be defined in guix-home with sane > default [...] I don't think guix home is necessary for this, wouldn't some kind of parametrised packages be sufficient? E.g., something like: (packages->manifest ;; This creates a wrapper around ticecat instructing the firefox ;; derivative to use the supplied user.js instead of wherever firefox ;; normally goes looking for things. (I don't know how to do that, ;; but should be possible?) (icecat-with-configuration ; (defined in gnu packages gnuzilla) #:user.js arkenfox ; defined in (gnu packages gnuzilla) #:package the-base-icecat-package)) ; by default icecat, but any firefox derivative will do emacs other-packages ...) That could be useful for both "guix shell --manifest=manifest.scm" and guix home users. > [...] so that the browser can be a sufficient replacement for Tor > Browser Bundle. The Tor project advised against using anything but their Tor Browser, to avoid fingerprinting. It also advised against customisation, for the same reasons. I cannot find the web page explaining the details, but comes close. Tor makes modifications to the browser, so simply modifying some settings isn't sufficient. Also, from the arkenfox/user.js README: ‘Note that we do not recommend connecting over Tor on Firefox. Use the Tor Browser if your threat model calls for it, or for accessing hidden services.’ Greetings, Maxime. From debbugs-submit-bounces@debbugs.gnu.org Thu Dec 02 19:12:43 2021 Received: (at 52236) by debbugs.gnu.org; 3 Dec 2021 00:12:43 +0000 Received: from localhost ([127.0.0.1]:49670 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mswBv-0002KP-DW for submit@debbugs.gnu.org; Thu, 02 Dec 2021 19:12:43 -0500 Received: from world.peace.net ([64.112.178.59]:55454) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mswBr-0002K4-3j for 52236@debbugs.gnu.org; Thu, 02 Dec 2021 19:12:42 -0500 Received: from mhw by world.peace.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mswBh-0007x1-UY; Thu, 02 Dec 2021 19:12:30 -0500 From: Mark H Weaver To: Jacob Hrbek , 52236@debbugs.gnu.org Subject: Re: bug#52236: PRIVACY: Integrate arkenfox for icecat configuration In-Reply-To: References: Date: Thu, 02 Dec 2021 19:11:52 -0500 Message-ID: <87lf12o8bg.fsf@netris.org> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 52236 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Jacob, Jacob Hrbek writes: > Arkenfox is a community > maintained user.js file used for browser hardening. In the past, I've investigated and integrated some ideas from similar "user.js"-style projects into IceCat. I'm open to integrating more, but I'd prefer to see proposals in manageable chunks on the gnuzilla mailing lists. > Proposing to implement it's configuration in GNU Guix's IceCat mainly: > > - geo.provider.network.uri (it's pinging google servers currently) Geolocation is disabled by default in IceCat. When you say that "it's pinging google servers currently", have you observed this in its default configuration, or did you enable Geolocation? FWIW, I've test-run IceCat on my own system and monitored the network traffic on a number of occasions, including after the update to 91, and I've not seen evidence of the pinging you describe. Can you please elaborate? > - Actual disabling of WebRTC Your use of the word "Actual" above seems to suggest that the IceCat project aims to disable WebRTC. I'm not aware of any such decision by the IceCat project. IceCat *does* set both "media.peerconnection.ice.no_host" and "media.peerconnection.ice.default_address_only" to true by default, however. Anyway, I'm open to discussing proposed changes to IceCat's default settings, preferably on the gnuzilla mailing lists. > - Clearing on re-start (privacy.clearOnShutdown.*) I'm open to discussing proposed changes to IceCat's default settings, but I don't think this is what most of our users want by default. There's at least one setting in about this ("Delete cookies and site data when IceCat is closed"), and I'm open to adding more settings to that page. > - toolkit.telemetry.enable = false instead of forced true I consider it a high priority to disable *all* telemetry in IceCat, and I've made an effort to do so. I've looked for evidence of telemetry by monitoring network activity when using IceCat, and I haven't found any. If you have evidence that any telemetry is actually enabled in IceCat, *please* show us the evidence. It is indeed interesting that in , "toolkit.telemetry.enable" is presented as being forced set to true. I hadn't previously noticed that. I should say that in addition to (attempting to) set "toolkit.telemetry.enable" to "false", just as Arkenfox does, we also set "toolkit.telemetry.server" to "". https://git.sv.gnu.org/cgit/gnuzilla.git/tree/data/settings.js?id=32631cac00953abbac61dc7ab1a0eafbdd59b53a#n131 Moreover, we apply some patches to IceCat to fix issues that I discovered while monitoring IceCat's network activity: https://git.sv.gnu.org/cgit/gnuzilla.git/tree/data/patches/moz-configure-changes.patch?id=32631cac00953abbac61dc7ab1a0eafbdd59b53a https://git.sv.gnu.org/cgit/gnuzilla.git/tree/data/patches/fix-data-reporting-check.patch?id=32631cac00953abbac61dc7ab1a0eafbdd59b53a https://git.sv.gnu.org/cgit/gnuzilla.git/tree/data/patches/disable-settings-services.patch?id=32631cac00953abbac61dc7ab1a0eafbdd59b53a > Additional configuration should be defined in guix-home with sane > default so that the browser can be a sufficient replacement for Tor > Browser Bundle. Please see Maxime's comments on this, which I agree with. I'm sorry to say that I don't see a way for IceCat users to hide that they are probably using IceCat. If you require strong anonymity, your best bet is to use Tor Browser Bundle. Regards, Mark -- Disinformation flourishes because many people care deeply about injustice but very few check the facts. Ask me about . From debbugs-submit-bounces@debbugs.gnu.org Thu Dec 02 19:33:38 2021 Received: (at 52236) by debbugs.gnu.org; 3 Dec 2021 00:33:38 +0000 Received: from localhost ([127.0.0.1]:49678 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mswW7-0002pZ-BP for submit@debbugs.gnu.org; Thu, 02 Dec 2021 19:33:38 -0500 Received: from world.peace.net ([64.112.178.59]:55504) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mswW2-0002pI-B2 for 52236@debbugs.gnu.org; Thu, 02 Dec 2021 19:33:33 -0500 Received: from mhw by world.peace.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mswVv-0000uD-Rq; Thu, 02 Dec 2021 19:33:23 -0500 From: Mark H Weaver To: Maxime Devos , Jacob Hrbek , 52236@debbugs.gnu.org Subject: Re: bug#52236: PRIVACY: Integrate arkenfox for icecat configuration In-Reply-To: References: Date: Thu, 02 Dec 2021 19:32:46 -0500 Message-ID: <87h7bqo7cm.fsf@netris.org> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 52236 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Maxime, Jacob, and others, Maxime Devos writes: > Jacob Hrbek schreef op do 02-12-2021 om 03:58 [+0000]: [...] >> [...] so that the browser can be a sufficient replacement for Tor >> Browser Bundle. > > The Tor project advised against using anything but their Tor Browser, > to avoid fingerprinting. It also advised against customisation, for the > same reasons. I cannot find the web page explaining the details, but > comes close. I agree with everything Maxime wrote here. For an in-depth discussion of the relevant issues, please see: Regarding this specific issue, see the "Sources of Fingerprinting Issues" subsection of section 4.6 (Cross-Origin Fingerprinting Unlinkability) of the document above. Thanks, Mark -- Disinformation flourishes because many people care deeply about injustice but very few check the facts. Ask me about . From debbugs-submit-bounces@debbugs.gnu.org Fri Dec 03 19:31:52 2021 Received: (at 52236) by debbugs.gnu.org; 4 Dec 2021 00:31:52 +0000 Received: from localhost ([127.0.0.1]:52455 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mtIxu-00028r-Qx for submit@debbugs.gnu.org; Fri, 03 Dec 2021 19:31:52 -0500 Received: from mail-4317.proton.ch ([185.70.43.17]:54436) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mtIxn-00028V-6D for 52236@debbugs.gnu.org; Fri, 03 Dec 2021 19:31:44 -0500 Date: Sat, 04 Dec 2021 00:31:30 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rixotstudio.cz; s=protonmail2; t=1638577890; bh=lDmabySJbWScGxH209brtGNYZvxYEIUdK+maoda1EeY=; h=Date:To:From:Cc:Reply-To:Subject:Message-ID:In-Reply-To: References:From:To:Cc; b=lfvsNPAVqzL52jHLoIyF1rP6vut8aoQ6nbzcef0Gt3myQAnSHrmc92fWV88ZWdnC8 1EteVK2Z00M1XmgbkzRkOE+Cg00QPv7s+y12VvQJ2t+fS0s0W13zSQOOXVn/CD3/TJ SqTZcSsBkaHD5PXDbQx8RRZujhx6crCtF/Bif207Ro6gUnQCUQwcSG186BKwPd64f3 pv5EX+NYcS9kNyft3GzkJ65XLbtq//Wq++3vmLEvUwhc3T6QA8KePKgi/FClwUGF7I +IXj8PoMnULWWQnSfYhMuQJdlRshRctUpfEgFManzFtrByuCVkjPHI1z6fifTguDXM tJ9MoJXjYxlcA== To: Maxime Devos From: Jacob Hrbek Subject: Re: bug#52236: PRIVACY: Integrate arkenfox for icecat configuration Message-ID: In-Reply-To: References: MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha512; boundary="------3a0deb08cb8ecd414cbcc9ba0ec444e203f2c737c7ac866f92ea90fe7f22f29f"; charset=utf-8 X-Spam-Status: No, score=-1.2 required=10.0 tests=ALL_TRUSTED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF shortcircuit=no autolearn=disabled version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on mailout.protonmail.ch X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 52236 Cc: 52236@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Jacob Hrbek Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------3a0deb08cb8ecd414cbcc9ba0ec444e203f2c737c7ac866f92ea90fe7f22f29f Content-Type: multipart/mixed;boundary=---------------------42064ffcb77c700b54c111ade322de27 -----------------------42064ffcb77c700b54c111ade322de27 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain;charset=utf-8 > These things might be useful, but wouldn't IceCat's mailing lists be mor= e appropriate for suggesting different configuration defaults? (See https:= //www.gnu.org/software/gnuzilla/ for the mailing lists of IceCat and other= GNUzilla software.) -- Devos Yes there should be more effort done incecat, but I also see it being impo= rtant integrated in guix for reasons below. Be it icecat should only provide sane defaults for further configuration. > I don't think guix home is necessary for this, wouldn't some kind of par= ametrised packages be sufficient? E.g., something like -- Devos arkenfox is a **TEMPLATE** we can't just paste it in userland and expect p= eak security instead we should process the template and integrate the conf= iguration in parametrisation with cherrypicked defaults to **generate** th= e user.js and enable the user to configure it from config.scm or alike. > The Tor project advised against using anything but their Tor Browser, to= avoid fingerprinting. -- Devos DISCLAIMER: This is from my personal and unqualified research, the informa= tion provided should be discussed with a qualified professional and you sh= ould **ALWAYS** decide for yourself in relation to your threat model. To provide context: Browser fingerprinting works by either using: - Javascript which functions are used to provide unique data -> Mitigation= is disabling fingerprint or utilizing NoScript-like functionality to disa= ble specific javascript functions and making libreJS less useless. - WebGL which provides unique data about user's hardware -> Mitigation is = to disable WebGL which iceCat already does and we could also make icecat t= o run in a Virtual Machine (VM) like Xen's paravirtualization to provide t= he common VM values for reported hardware - CSS which uses exfil to pass malicious payload which can be mitigated th= rough upstream and by using functionality alike https://addons.mozilla.org= /en-US/firefox/addon/css-exfil-protection - Link tracking to pass unique identifiers in the URLs which can be mitiga= ted by removing those e.g. using ClearURL-like functionality Among other things that we can do to adapt more mitigations: - Reducing the dependency on bigtech solutions by using invidious, nitter,= libreddit, wikiless, etc.. - Containerization of tabs so that cross-side cookies can't reach across t= abs and using one tab per website. - Removing all stored data including cookies, history, etc.. on restart wi= thout the ability to restore the session. - Using uBlock origin to block ads and trackers That's bare minimum in terms of configuration that we should definitively = expand on over time, now in terms of randomization of the fingerprint: - Adapting random user-agent which seems to be the most common way of trac= king users = - Letterboxing and use of floating windows to randomize the reported windo= w lenght and width - and various randomization of values in user.js on runtime since the file= is JS and we can use JS to do that there. - Onion-routing to randomize the IP where currently we should only use tor= project's implementation as lokinet didn't yet pass independent security r= eview to my knowledge.. once it does we should randomly change the onion-r= outing implementation and if there is a VPN provider that provides a trans= parent deployment with verifiable configuration to not keep any logs then = we can also randomize the IP with that, but i wouldn't trust my payload to= any VPN provider. So to summarize we need to: 1. sanitize javascript and it's functions used across websites 2. Randomize user.js values 3. Cookies management 4. WebGL management 5. CSS mitigations 6. Be progressive on new things Now in terms of a threat model if you are a journalist, political activist= or any person who's leak of data can be life threatening then you are les= s likely to be put in such situation on TBB, but even on TBB there are way= s that are unknown to us that can be used to track invidual tor users such= as https://thehackernews.com/2021/11/researchers-demonstrate-new.html and= there are companies investing $$$$$+ in new ways to track users through b= rowser fingerprinting such as https://fingerprintjs.com where new ways are= constantly showing up. For those reasons on a theoretical bases if we can make randomized fingerp= rinting then we can basically deprecated TBB, but practically both of thes= e solutions are flawed and will be flawed as long as we keep updating fire= fox/icecat to expose new issues during development where it is unreasonabl= e to just stop development as that might expose the software to more issue= s over time. So this solution is mostly for power-users and regular users = with relaxed threat model or for high-profile targets who prefer to have m= ore control over their browser. Meaning layering defences for specific known issues (my proposal) vs relyi= ng on one huge wall (TBB). And on top of this arkenfox provides a huge amount of tests that we should= integrate to enforce out solution. NOTE: For those reasons minimal browsers such as nyxt and surf have the po= tential to be more private, but from the point of view of an attacker it's= just different vector for an attack so firefox should be preferred as it = gets more development to address these issues quickly. > Geolocation is disabled by default in IceCat. When you say that "it's p= inging google servers currently", have you observed this in its default co= nfiguration, or did you enable Geolocation? -- Weaver I use custom configuration so I was not aware of that being default, but e= ven then just simple "default" is not enough where the issue is that there= might be vulnerabilities that access the geolocation data even when it's = disabled so everything in the browser (in my proposal) should be treated a= s compromised and layer defences so in this example: Even if geolocation is disabled we can't afford treating the value in pref= s.js as not a concern and just keep google there we have to treat it as co= mpromised at all time and treat it as that it might get used at some point= to use either: a) value that breaks geolocation when accessed (vulnerability might allow = the attacker to inject their own value) b) if it's ever accessed or use more privacy-oriented provider such as moz= illa allegedly (preferably if GNUzilla made their own geolocating thing). I know that this might sound too paranoid, but due to the amount of new vu= lnerabilities in browsers (Like hell they can even use CSS now to track pe= ople! on top of AI used to find new vulnerabilities which is allegedly wha= t Facebook is doing) i believe that it's reasonable way of looking at it. > Your use of the word "Actual" above seems to suggest that the IceCat pro= ject aims to disable WebRTC. I'm not aware of any such decision by the Ic= eCat project. -- Weaver I was told by FSF representative that icecat's compilation does not includ= e support for WebRTC by default when i was invitted on the associate membe= r meetup so i was basing that opinion on that. If that is not a goal then disabling it in the settings is sufficient and = preferred for me where i assumed there being reasoning for it to be outcom= piled like that due to it being reasonably new technology which seems to b= e the common reason to do such thing. > -- Weaver This is a discussion that gets exponentially more complicated the more we = talk about it so i propose some written way of managing all these values t= o be used for implementation where my initial idea was wiki? So that the e= nd-user can just search the value and find all the relevant information to= make the decision for their threat model. > Please see Maxime's comments on this, which I agree with. I'm sorry to = say that I don't see a way for IceCat users to hide that they are probably= using IceCat. -- Weaver On top of what was provided I highlight the importance of making icecat se= em as firefox to the web e.g. by using firefox useragent instead of icecat= as icecat has significantly more unique fingerprint to firefox if it's be= ing treated as a it's own separate thing. + the randomization of the finge= rprint. --- NOTE: I would also argue for icecat to just have disabled settings page wi= th prefs.js set as read-only and owned by room with permission to read by = the relevant user to reduce the risk of vulnerability or malicious extensi= on altering the config. -- Jacob "Kreyren" Hrbek Sent with ProtonMail Secure Email. =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 Original M= essage =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 On Thursday, December 2nd, 2021 at 3:50 PM, Maxime Devos wrote: > Jacob Hrbek schreef op do 02-12-2021 om 03:58 [+0000]: > = > > Arkenfox https://github.com/arkenfox/user.js is a community > > = > > maintained user.js file used for browser hardening. > > = > > Proposing to implement it's configuration in GNU Guix's IceCat > > = > > mainly: [...] > = > These things might be useful, but wouldn't IceCat's mailing lists be > = > more appropriate for suggesting different configuration defaults? > = > (See https://www.gnu.org/software/gnuzilla/ for the mailing lists of > = > IceCat and other GNUzilla software.) > = > > Additional configuration should be defined in guix-home with sane > > = > > default [...] > = > I don't think guix home is necessary for this, wouldn't some kind of > = > parametrised packages be sufficient? E.g., something like: > = > (packages->manifest > = > ;; This creates a wrapper around ticecat instructing the firefox > = > ;; derivative to use the supplied user.js instead of wherever firefox > = > ;; normally goes looking for things. (I don't know how to do that, > = > ;; but should be possible?) > = > (icecat-with-configuration ; (defined in gnu packages gnuzilla) > = > #:user.js arkenfox ; defined in (gnu packages gnuzilla) > = > #:package the-base-icecat-package)) ; by default icecat, but any > = > firefox derivative will do > = > emacs other-packages ...) > = > That could be useful for both "guix shell --manifest=3Dmanifest.scm" and > = > guix home users. > = > > [...] so that the browser can be a sufficient replacement for Tor > > = > > Browser Bundle. > = > The Tor project advised against using anything but their Tor Browser, > = > to avoid fingerprinting. It also advised against customisation, for the > = > same reasons. I cannot find the web page explaining the details, but > = > https://support.torproject.org/tbb/tbb-14/ comes close. Tor makes > = > modifications to the browser, so simply modifying some settings isn't > = > sufficient. > = > Also, from the arkenfox/user.js README: > = > =E2=80=98Note that we do not recommend connecting over Tor on Firefox. U= se the > = > Tor Browser if your threat model calls for it, or for accessing hidden > = > services.=E2=80=99 > = > Greetings, > = > Maxime. -----------------------42064ffcb77c700b54c111ade322de27 Content-Type: application/pgp-keys; filename="publickey - kreyren@rixotstudio.cz - 0x1677DB82.asc"; name="publickey - kreyren@rixotstudio.cz - 0x1677DB82.asc" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="publickey - kreyren@rixotstudio.cz - 0x1677DB82.asc"; name="publickey - kreyren@rixotstudio.cz - 0x1677DB82.asc" LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tDQpWZXJzaW9uOiBPcGVuUEdQLmpz IHY0LjEwLjEwDQpDb21tZW50OiBodHRwczovL29wZW5wZ3Bqcy5vcmcNCg0KeGpNRVlBbDNGaFlK S3dZQkJBSGFSdzhCQVFkQVFLQXBtZFI4dEc5YUtFZHh3SEovWktPMkN2Wk1SV1B0DQpCTk5HcUpV aHAyTE5MMnR5WlhseVpXNUFjbWw0YjNSemRIVmthVzh1WTNvZ1BHdHlaWGx5Wlc1QWNtbDQNCmIz UnpkSFZrYVc4dVkzbyt3bzhFRUJZS0FDQUZBbUFKZHhZR0N3a0hDQU1DQkJVSUNnSUVGZ0lCQUFJ Wg0KQVFJYkF3SWVBUUFoQ1JDdDAzMFVxMEw4cVJZaEJCWjMyNEtUaktobGM0RWpCNjNUZlJTclF2 eXA1N1FBDQovMHRsYmRuQ0l6cmVLWG12VzJYU1lYekFKb3RKZHhDekUrWEFUTStxUERLekFRQ2Ni SHA3eXc2K0FybmcNCmVTdEdGbi9vbGh4VFBkcHU2NDFDTEdpZ1BtRW9CYzQ0QkdBSmR4WVNDaXNH QVFRQmwxVUJCUUVCQjBEYQ0KaUkzalFmU29pM0RaNC9OZm14R2RzUnN2OS9CcU1nVzVqNmpkQnFr eUlBTUJDQWZDZUFRWUZnZ0FDUVVDDQpZQWwzRmdJYkRBQWhDUkN0MDMwVXEwTDhxUlloQkJaMzI0 S1RqS2hsYzRFakI2M1RmUlNyUXZ5cEhjRUINCkFPUXhTL0ovVU0wZWU4azJqYmxpV2QvUTBJZCtY OFVIQlhoeXFWUmMyMnFyQVFETEhjVzk3V1FiU0pGbw0KMTlrd3Q3ME95SGVwRjZMV3BERDBQdUlT WkQ2SUNnPT0NCj05a1pnDQotLS0tLUVORCBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tDQo= -----------------------42064ffcb77c700b54c111ade322de27-- --------3a0deb08cb8ecd414cbcc9ba0ec444e203f2c737c7ac866f92ea90fe7f22f29f Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: ProtonMail wnUEARYKAAYFAmGqttQAIQkQrdN9FKtC/KkWIQQWd9uCk4yoZXOBIwet030U q0L8qXgSAP0Zqs2q0NS9qXisfRA4CRa6LapLsPUGzoayziex+CGxmAEAuTzU izzKKjqPRN/favVqGe/AhGLoz7AuU0/HuxnkdAc= =k7oG -----END PGP SIGNATURE----- --------3a0deb08cb8ecd414cbcc9ba0ec444e203f2c737c7ac866f92ea90fe7f22f29f-- From debbugs-submit-bounces@debbugs.gnu.org Fri Dec 03 20:28:05 2021 Received: (at 52236) by debbugs.gnu.org; 4 Dec 2021 01:28:05 +0000 Received: from localhost ([127.0.0.1]:52483 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mtJqP-0003Wa-0M for submit@debbugs.gnu.org; Fri, 03 Dec 2021 20:28:05 -0500 Received: from mail-wr1-f68.google.com ([209.85.221.68]:34367) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1mtJqK-0003W5-MW for 52236@debbugs.gnu.org; Fri, 03 Dec 2021 20:28:04 -0500 Received: by mail-wr1-f68.google.com with SMTP id j3so9417394wrp.1 for <52236@debbugs.gnu.org>; Fri, 03 Dec 2021 17:28:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:subject:from:to:cc:date:in-reply-to:references :user-agent:mime-version:content-transfer-encoding; bh=pSBlPhk7Y5N3S8FRcXrh63hJOb2fyYZR2EgJq3QawPw=; b=J6eNh4FvG/Za55/y5plLeb5TsZ+WEbtlOItRc3paGjbXKX5A6ViJaBX0vHzAO2sVkG usAZuTe8dWbwIHWPz33i4MbmiOnVcZMBzSPXOUEaNzD3g1JWCymdT1Bh6OD/57hmKniu XJi0ox1nwkGV5L4H+mWf/txa6jOBJwn8mTw0v4jVuvQ2GYcGTZvsrnf6+ZgYziZxu+ai C/UZxthGx/89EQTu2IJ/Ylcz5q1bQwklVwvDJ5O99/bbi/kSuwlw6UaZ1m5ZtAwJ05sF pmCpxU3SedYnS8Tmb3kaanQwpNVkLXUtjS+jFcA/ZrtBRu+Q5pIIW9SMOA/Npb0Tr2S2 e8zQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to :references:user-agent:mime-version:content-transfer-encoding; bh=pSBlPhk7Y5N3S8FRcXrh63hJOb2fyYZR2EgJq3QawPw=; b=lT8PKcnL0nWqp6Oi8tbugDrfpimTtxfDyDL+HsKY1mJ0+Q4KwkrgjLWiFdjJLeZtlx YnNnd/MLnDU/znyjD+9sVUykxAYud8CbQvpGIAvg/w6HqWkDj5rONkTEXLhmmDEgdO6J LS+7vNnR4yHYXqynnJM5/8IigPWckxmZWK7NisyrWz7spmYxQuoM2CJJ0HVgp+XkKtKR rn04I2TPD5Yu45GkhsxavaFp9J9hflc5O4CeXlbcdBlwedftupceZ++S84trvIzsDnak Kbi0eAgjJJWq7bRyddEI+ZGc3+SdjPzBPIz/53uw0QO2SxDIS1eXQlCsD0VpwJMYL95v cf7A== X-Gm-Message-State: AOAM531RXzsDhwz6xUFBvoJI71Re/cEiJMvFuqLXLeJOuhmaSpZG0K9F f9lvqQ1b8nKohq/Gjmd6OUg= X-Google-Smtp-Source: ABdhPJw69yz2BlyXXEc3j8pw9sHAVGfPokwCuINGEnNL3ncRkjxD+nlfXAd5bnXqecRuut+cXEq3IA== X-Received: by 2002:a5d:6707:: with SMTP id o7mr26399279wru.172.1638581274519; Fri, 03 Dec 2021 17:27:54 -0800 (PST) Received: from nijino.fritz.box ([85.127.52.93]) by smtp.gmail.com with ESMTPSA id v8sm3934106wrd.84.2021.12.03.17.27.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Dec 2021 17:27:53 -0800 (PST) Message-ID: <44e17b9e10a321ca6c39ea8328b523170ebf4496.camel@gmail.com> Subject: Re: bug#52236: PRIVACY: Integrate arkenfox for icecat configuration From: Liliana Marie Prikler To: Jacob Hrbek , Maxime Devos Date: Sat, 04 Dec 2021 02:27:48 +0100 In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 52236 Cc: 52236@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Am Samstag, den 04.12.2021, 00:31 +0000 schrieb Jacob Hrbek: > arkenfox is a **TEMPLATE** we can't just paste it in userland and > expect peak security instead we should process the template and > integrate the configuration in parametrisation with cherrypicked > defaults to **generate** the user.js and enable the user to configure > it from config.scm or alike. This is the thing that makes the least sense about this proposal. Like, even if we were to write a service that allows user.js generation through guix home, there'd be no reason to adopt arkenfox or any other template for that matter. People would have to adapt their templates to the guix home workflow, which would hopefully not be more difficult than writing some gexp. > To provide context: Browser fingerprinting works by using [a bunch of > side-channels that are hard to all disable completely...] > [...] > NOTE: For those reasons minimal browsers such as nyxt and surf have > the potential to be more private, but from the point of view of an > attacker it's just different vector for an attack so firefox should > be preferred as it gets more development to address these issues > quickly. I'm pretty sure that using (a) Firefox (variant) is the only reliable way to circumvent side-channel based fingerprinting as noted above since you probably won't be able to patch all variants (especially not those you aren't aware of yet), so better to only leak that you're "a Firefox user". That is until Chromium has all the market share and we need to switch to the bigger fish for anonymity. > > Geolocation is disabled by default in IceCat. When you say that > > "it's pinging google servers currently", have you observed this in > > its default configuration, or did you enable Geolocation? -- > > Weaver > > I use custom configuration so I was not aware of that being default You might want to generate your custom configuration with arkenfox then, so that Geolocation is always disabled. > but even then just simple "default" is not enough where the issue is > that there might be vulnerabilities that access the geolocation data > even when it's disabled so everything in the browser (in my proposal) > should be treated as compromised and layer defences so in this > example: Again, have you observed this? > Even if geolocation is disabled we can't afford treating the value in > prefs.js as not a concern and just keep google there we have to treat > it as compromised at all time and treat it as that it might get used > at some point to use either: > a) value that breaks geolocation when accessed (vulnerability might > allow the attacker to inject their own value) > b) if it's ever accessed or use more privacy-oriented provider such > as mozilla allegedly (preferably if GNUzilla made their own > geolocating thing). It'd probably be feasible to clear the value by default, but then again, that'd not really help with custom configs created from a "trusted" template, would it? > > Your use of the word "Actual" above seems to suggest that the > > IceCat project aims to disable WebRTC. I'm not aware of any such > > decision by the IceCat project. -- Weaver > > I was told by FSF representative that icecat's compilation does not > include support for WebRTC by default when i was invitted on the > associate member meetup so i was basing that opinion on that. This does not mean, that it's intentional, however. It could also be just a bug that they haven't figured out yet. For example, WebRTC in Webkit requires gst-plugins-bad, which is bad... > If that is not a goal then disabling it in the settings is sufficient > and preferred for me where i assumed there being reasoning for it to > be outcompiled like that due to it being reasonably new technology > which seems to be the common reason to do such thing. Again, no statement about an "aim". > > -- Weaver > > This is a discussion that gets exponentially more complicated the > more we talk about it so i propose some written way of managing all > these values to be used for implementation where my initial idea was > wiki? So that the end-user can just search the value and find all the > relevant information to make the decision for their threat model. I'm pretty sure you don't need a Wiki to look up the invocation for ls, do you? Similarly, to configure Emacs you would first consult the Emacs manual, no? Guix does currently in no way interfere with your ability to mess with Icecat's configuration, any documentation with that regard is therefore Icecat/Firefox' burden, not Guix'. > NOTE: I would also argue for icecat to just have disabled settings > page with prefs.js set as read-only and owned by room with permission > to read by the relevant user to reduce the risk of vulnerability or > malicious extension altering the config. To be fair, that'd be a nice quality to have, but you'd also have to make the directory itself read-only in that case and at least I personally haven't checked how well browsers like not being able to write in their "dump everything" directories. You might have more success using containers in which the files are writable, but not synced back to disc. That also gives you a playground to experiment with potentially malicious extensions. On that note, you probably shouldn't mess around with extensions as a journalist. Cheers From debbugs-submit-bounces@debbugs.gnu.org Fri Dec 17 22:20:47 2021 Received: (at 52236-done) by debbugs.gnu.org; 18 Dec 2021 03:20:47 +0000 Received: from localhost ([127.0.0.1]:40999 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1myQH9-000291-5M for submit@debbugs.gnu.org; Fri, 17 Dec 2021 22:20:47 -0500 Received: from mail-qv1-f44.google.com ([209.85.219.44]:45053) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1myQH7-00028m-9B for 52236-done@debbugs.gnu.org; Fri, 17 Dec 2021 22:20:46 -0500 Received: by mail-qv1-f44.google.com with SMTP id kd9so4139697qvb.11 for <52236-done@debbugs.gnu.org>; Fri, 17 Dec 2021 19:20:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version; bh=IZY8XNGRsgFfEwaAiV2zowdWnhIOAZagk8piPHsHhps=; b=iPdXwDahzYyX79y1l8T9Cc27Vsn5WIXFYmKwwbueJGgpZYeu9bHTLiGjWUeECctHhh vNTm8bGUnRQIg3oBaSm8NGdXqURYstkTtHGz9FPdOeMCXisrZj3N4ORSmaOtpd5oSiAx +VvXtgYxXLtZ5YFMdyOxWH6EPL3fSHEM0hMZjtRTex4g/Ceg3k6vXwKpVVkHdaL8OBa/ pRhaAUjjAaIzDF7jBOipvYfImieHtYQb2gWuSwLqmIRjlKm6AggzioknlqAwj+sPV2mj EF7pWUFy9FnDfV0c+zI25fMs5ufpGzGYmdTCeDz11TF14CljuY8ogFmeOsgigRz4/JpN Lm+w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version; bh=IZY8XNGRsgFfEwaAiV2zowdWnhIOAZagk8piPHsHhps=; b=7LQtRjO+D6In2y1frx5Eur/ajZgzVFIXKCSDjmj2oABM4D0TllYd0TpmAOOoj4IN85 Ox+v90vyDR1RQy5NsW1I5hR8qmdc82n/CtnrReulRKcPNVQF5Pghxkd3QCWh0X3VscLu TSKgBDNyFwQK4LRfdLjZIu/bWUP+tZBP4hEQFiDikhI4oyvx3jZP9IAMrcf2tLZexRDI f0d64xftJ9sfOrb+f4UefZwkAyx9Y5et8Y2YzT/SKSiqZpvwwHluhxzCw2cOSACjkGVt /zmz+oW2bZqdZNOQxZchx900VnTlw3Hmd17OMa9gODzCIJONjGZiuE8zUAEVSJPGLJQB XXqQ== X-Gm-Message-State: AOAM532g9RFOC/AoHPypktHIEh8mBQqy1kjCey/BoPMEH1A3TErv7G6b op17nJpM6cnTKiP3OyDHOEU3ggBXgGQ= X-Google-Smtp-Source: ABdhPJyyhPQyYioKar2ENSeeTQCMdBLiWgvjAIzCl2fICC5P49tb7vjmrmXVWJVT/POxMf9UbmyrOg== X-Received: by 2002:ad4:4ea6:: with SMTP id ed6mr664578qvb.54.1639797639557; Fri, 17 Dec 2021 19:20:39 -0800 (PST) Received: from hurd ([207.35.95.41]) by smtp.gmail.com with ESMTPSA id x21sm5954776qkf.77.2021.12.17.19.20.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 17 Dec 2021 19:20:39 -0800 (PST) From: Maxim Cournoyer To: Maxime Devos Subject: Re: bug#52236: PRIVACY: Integrate arkenfox for icecat configuration References: Date: Fri, 17 Dec 2021 22:20:38 -0500 In-Reply-To: (Maxime Devos's message of "Thu, 02 Dec 2021 15:50:05 +0000") Message-ID: <87ee6a61kp.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 52236-done Cc: Jacob Hrbek , 52236-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hello, Maxime Devos writes: > Jacob Hrbek schreef op do 02-12-2021 om 03:58 [+0000]: >> Arkenfox is a community >> maintained user.js file used for browser hardening. >> >> Proposing to implement it's configuration in GNU Guix's IceCat >> mainly: [...] > > These things might be useful, but wouldn't IceCat's mailing lists be > more appropriate for suggesting different configuration defaults? > (See https://www.gnu.org/software/gnuzilla/ for the mailing lists of > IceCat and other GNUzilla software.) Agreed. GNU IceCat is not developed as part of Guix (although Guix is used to develop IceCat, I suppose!). Please redirect your suggestions to the appropriate channels mentioned above. Thanks for the report, Maxim From unknown Sat Sep 20 08:01:35 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Sat, 15 Jan 2022 12:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator