Re: [dev] [surf] Firefox's tracking protection

From: Ben Woolley <tautolog_AT_gmail.com>
Date: Mon, 6 Jul 2015 11:24:47 -0700

Hi Pickfire,

No, nothing like that. Surf's code is small and simple enough that
even a novice C programmer could add such a feature. It is trivial to
filter content in surf at the code level. 99% of it would be
configuration. I encourage you to try to implement the feature. Surf
is minimal enough that a developer can *configure* it through *code*.
In that sense, it supports whatever feature you want. If you implement
the feature, you can post the patch to the website as a possible
configuration. This keeps the core surf minimal.

--
If you are interested, I have an experimental branch for tracking
issues. My strategy is to properly implement the same-origin policy,
by implementing both vertical and horizontal origin isolation -- that
is, each origin domain gets its own browser profile, and warning
prompts are issued when crossing origins, preventing data from from
being shared between origin domains within the browser. This actually
disables the mechanism exploited by resource-keyed tracking.
How it works is: each browser process is constrained to a single
origin. Any navigation away from the process-constant origin gets a
new browser process. The design of surf made it straightforward to
implement, since it already behaved 90% the way I needed.
You still get ads, but they are less targeted. Cookies still work, but
third party cookies are stored per origin domain. For example, each
website you go to will get a separate google cookie. You can still be
tracked *within* a site through cookies.
You will want to obscure your IP address, too. I consider that a separate issue.
There are some issues remaining:
 1.  POST data that crosses origins isn't preserved, so many
authentication systems don't work.
 2. You may need to symlink some profiles together to get, for
example, google's SSO to work. The profiles for gmail.com and
accounts.google.com need to be symlinked to log into gmail.
 3. The header scrambling has some known issues worked out on this
mailing list.
My experimental branch is here:
https://github.com/legitparty/surf-isolated
In that branch, use the -O flag to enable the feature. I use `surf -g
-p  -O -D example.com`
--
Take a look at my commits, and it might be clear to you where and how
to do filtering. If not, just ask, and I will explain, but I encourage
you to first just dive into the code. In fact, just opening surf.c
from the official git repo could have told you the answer to your
question in very little time. It really is *minimal*.
Cheers,
Ben
On 7/6/15, Pickfire <pickfire_AT_riseup.net> wrote:
> Hi, does surf implement tracking protection which disables sites from
> tracking using cookies and it is said that it could improve performance in
> Firefox for
> up to 44%.
>
> Thanks.
>
> --
>  _____________________________________
> < Do what you like, like what you do. >
>  -------------------------------------
>         \   ^__^
>          \  (oo)\_______
>             (__)\       )\/\
>                 ||----w |
>                 ||     ||
>
>

Received on Mon Jul 06 2015 - 20:24:47 CEST