js-shield
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Development meeting 20211008

From: Michael McMahon
Subject: Development meeting 20211008
Date: Fri, 8 Oct 2021 11:58:23 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Icedove/78.13.0
- There is the Google voice bug.  Complex bug with several domains are difficult for users.  While it could be tempting to give the same level to all subdomains in the page, it may not be what users expect in security and privacy.
- One approach might be to set the top level domain to 1 or 0 and all of the subdomains would use that level.
- https://github.com/polcak/jsrestrictor/issues/133
- For the simple view, we should cascade what the user sets for the main window.  Only for the advanced view, how you display the subdomains.
- Brave's anti-fingerprinting seems to do the opposite.  If we are upfront with this change, it is probably OK.
- User base
  - Chrome 2000+ users
  - Firefox 510 users
- If it is easy, we should probably go with this.
- We can integrate into 0.5.3.
- A11y
  - Dark theme
    - https://github.com/polcak/jsrestrictor/issues/134
    - Might be good to add a dark theme toggle in the advanced gear settings menu.
    - Dark Reader extension gives a good starting point for dark theme CSS that can exported.  Michael will look into that.
    - The a11y review should go into this issue as well.
- https://github.com/kkapsner/CanvasBlocker differences?  They and brave do some similar things.  https://github.com/polcak/jsrestrictor/issues/63  Reply is a bit outdated, but it is something.
- One issue that we saw is that it cannot be installed in IceCat 60.  They released newer versions.  There are newer development versions, but they are not labeled as stable yet.  The latest version on gnu.org ftp is outdated https://ftp.wayne.edu/gnu/gnuzilla/.  This should be fixed within the next week or so.  No actions necessary.
- We managed to install in debug mode for FF Mobile.  It just worked and now we allow it for Firefox for android.  Great news!
- Issue about new wrappers: focus, blur events.  https://github.com/polcak/jsrestrictor/issues/135 Might be able to be used for exploits.  Would this break expected functionality?  Think about it and check out the issue.
- Since we are engaging with the community, what is our position at the moment with NLnet.  An activity is undone.  Is it expired or is it something that can be put on the remaining budget?  They might be flexible if we show proof of work.  We should confirm instead of thinking that is the case.  If so, we should focus on covering that task.  Some part would rely on FSF.  We have done some amount of outreach, but if it is closer to the definition.  If there is flexibility, we should cover that as it is a sizable section of funds.
- Chrome API implementation update.  It will not go away, but it will probably need to be rewritten.  Google released a statement last week that the functionality would be deprecated for new submissions Jan 1st 2022.  Jan 1st 2023 will be deprecated.  We have one year to rewrite essentially.  Will network boundary shield be possibility?  It will likely go away on Chrome.  Both browsers are going to implement a local network protection like the network boundary protection.  Any public links to share on this topic?
Best,
Michael McMahon | Web Developer, Free Software Foundation
GPG Key: 4337 2794 C8AD D5CA 8FCF  FA6C D037 59DA B600 E3C0
https://fsf.org | https://gnu.org
reply via email to
[Prev in Thread] Current Thread [Next in Thread]