Re: [libreplanet-discuss] HTML tags that should be stripped for privacy
From: Josh Branning
Subject: Re: [libreplanet-discuss] HTML tags that should be stripped for privacy reasons.
Date: Sat, 28 Jan 2017 08:54:00 +0000
User-agent: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101 Icedove/38.8.0

On 28/01/17 03:31, Mike Gerwitz wrote:
> On Fri, Jan 27, 2017 at 13:29:52 +0000, Josh Branning wrote:
>> What I would really like is implementation details on how to avoid many of
>> the issues stated on this page:
>>
>> https://en.wikipedia.org/wiki/Internet_privacy
>>
>> So like two columns; Stated problem, and possible solution.
>
> This isn't a problem that can be summarized as such with any meaningful
> level of detail.
>
> I'm not entirely sure what you mean by handling it on the
> webserver. Is this like a privacy-respecting proxy server (in which
> case you can look into things like Privoxy[0])? The other concern there
> is that you'd have to MitM HTTPS connections (with the user's consent,
> of course), which is dangerous.

The web server part will ideally only be an interface (like a HTTP
proxy) to the network.

MitM attacks are mitigated in a way similar to Convergence. [1]

[1] https://en.wikipedia.org/wiki/Convergence_(SSL)

> There are many things that you'd have difficulty detecting outside of
> the user's browser---you'd be doing static analysis on behaviors that
> aren't entirely defined until runtime, or might be difficult to
> detect. If you don't entirely strip out JS, it's not possible to
> mitigate most things unless you execute the code on your server and
> analyze it (since it can just modify the DOM).
>
> Ultimately, the user can trust only their web browser, not a remote
> server, so mitigations also have to be done there. And the level of
> complexity there is staggering (see NoScript; Privacy Badger; uBlock
> Origin; etc).

Accessing third-party web servers from the browser and expecting
anonymity or privacy, I agree, is not the way forward. The server is to
be run on localhost by the user of the software.

> With regards to information, the Tor Browser has documented some
> implementation details[1].
>
> One of the best ways to learn how to mitigate issues is to know how to
> exploit them, in practice and in theory. OWASP has some good material
> (duplicated in various projects, granted) that's readily available.[2]
> You can also look at commits in repositories of these various projects.
>
> [0]: http://www.privoxy.org/
> [1]: https://www.torproject.org/projects/torbrowser/design/
> [2]: https://www.owasp.org/index.php/Category:OWASP_Project

Thank you for these links, they have given me much to think about.
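
The limit of static filtering raised in the quoted reply, shown as an added example (not code from this thread or from any project it names): a small static filter of the kind a localhost proxy could apply, which removes inline event handlers and third-party `src` loads. `PrivacyFilter`, `filter_page`, `is_remote` and the sample page are hypothetical and constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page. One tracker is static markup; the other exists only
# after the script runs in the browser, with its URL assembled at runtime.
SAMPLE = """<html><body><p onclick="log()">Hello</p>
<img src="https://tracker.example/pixel.gif"><img src="/logo.png">
<script>var i = document.createElement('img'); document.body.appendChild(i);
i.src = 'https://' + 'tracker' + '.example/p.gif';</script></body></html>"""

def is_remote(url, page_host):
    try:
        return urlparse(url or "").hostname not in (None, page_host)
    except ValueError:
        return True  # cannot classify the URL, so treat it as third party

class PrivacyFilter(HTMLParser):
    """Static filter for a hypothetical localhost proxy (assumed design)."""
    def __init__(self, page_host, strip_scripts):
        super().__init__(convert_charrefs=True)
        self.page_host, self.strip_scripts = page_host, strip_scripts
        self.out, self.removed, self.raw = [], [], None  # raw: in script/style
    def handle_starttag(self, tag, attrs):
        self.raw = tag if tag in ("script", "style") else None
        if tag == "script" and self.strip_scripts:
            self.removed.append("script")
            return
        kept = ""
        for name, value in attrs:
            remote = name == "src" and is_remote(value, self.page_host)
            if name.startswith("on") or remote:  # event handler or remote load
                self.removed.append(f"{tag}[{name}]")
            else:
                kept += f" {name}" if value is None else f' {name}="{escape(value)}"'
        self.out.append(f"<{tag}{kept}>")
    def handle_endtag(self, tag):
        self.raw = None
        if not (tag == "script" and self.strip_scripts):
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not (self.raw == "script" and self.strip_scripts):
            self.out.append(data if self.raw else escape(data, quote=False))

def filter_page(html_text, page_host, strip_scripts=True):
    f = PrivacyFilter(page_host, strip_scripts)
    f.feed(html_text)
    f.close()
    return "".join(f.out), f.removed
```

With `strip_scripts=False` the filter catches the static tracker image, yet the output still carries the script that recreates the request in the browser, and the string `tracker.example` never appears in the markup for a URL rule to match. Only `strip_scripts=True` removes that path.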