Privacy/Security Ideas

Hi, I have some ideas for Tor Browser, maybe as a extra Version: First of

  • all, you should block the camera, microphone, location, virtual reality,
  • autoplay & pop-ups in settings. Or make it fully without these functions.
  • And integrate a fingerprint blocker plus font blocker & a antilogger (protection from keylogger) in the Tor system…

Thanks in advance

We have a global security level (see about:preferences#privacy ) which is … wait for it … used to control some “security” items - i.e we don’t use it to make fingerprinting/“privacy” harder or relax compat issues etc

We would prefer to find solutions that work across all levels and threat models

Don’t panic

  • location is gated behind a prompt, but TB also disables the API
  • camera/microphone are also gated behinds permissions and require user actions, and are protected per tab/per session in other ways - gUM (get user media) has undergone some nice changes lately. But even then TB does not currently allow webRTC, and enumeration of devices is protected with RFP (privacy.resistFingerprinting)
  • fonts
    • we already tightly control what local/system fonts are allowed - there is no need to block fonts


  • autoplay settings: we already have an open issue to enforce the same defaults for everyone:- see TZP
    • my TB: autoplaypolicy disallowed, allowed-muted | allowed-muted
    • ^ changing about:preferences#privacy > Permissions > Autoplay = fingerprintable


  • keylogging
    • not sure if you meant a typing fingerprint = hard to solve
    • if you meant sites can see what you type, then use safest security level, but even then I’m a little lost, because you clearly meant to type info on the site
    • if you meant security from 3rd parties over forms/passwords etc - that’s a little out of my expertise, but we do isolate/partition by third first party (I think we do for form data), and sanitize form data on close
  • popups
    • back in the before times, popups were legion … these days they are not really an issue. Would have to check what we do in particular that is different from upstream
1 Like