Re: [dev] [surf] Firefox's tracking protection

From: Pickfire <pickfire_AT_riseup.net>
Date: Tue, 7 Jul 2015 14:02:44 +0800

Do they share the same memory with the same process but isolated?

And what is the difference between surf and surf-isolated?

I had opened the code; it really is minimal, but I don't understand it
fully as I am still a **novice** in C.

I tried to compile surf with musl-gcc, but it doesn't work. I hope you
can explain more about this and the difference on using it with cc.

I think that the IP address could be hidden by Tor. I am using Tor with
polipo to socksify all outgoing network including surf. Is that
correct?

>You still get ads, but they are less targeted. Cookies still work, but
>third party cookies are stored per origin domain. For example, each
>website you go to will get a separate google cookie. You can still be
>tracked *within* a site through cookies.

What do you mean by that?

Thanks for answering my question.

On Mon, Jul 06, 2015 at 11:24:47AM -0700, Ben Woolley wrote:
>Hi Pickfire,
>
>No, nothing like that. Surf's code is small and simple enough that
>even a novice C programmer could add such a feature. It is trivial to
>filter content in surf at the code level. 99% of it would be
>configuration. I encourage you to try to implement the feature. Surf
>is minimal enough that a developer can *configure* it through *code*.
>In that sense, it supports whatever feature you want. If you implement
>the feature, you can post the patch to the website as a possible
>configuration. This keeps the core surf minimal.
>
>--
>
>If you are interested, I have an experimental branch for tracking
>issues. My strategy is to properly implement the same-origin policy,
>by implementing both vertical and horizontal origin isolation -- that
>is, each origin domain gets its own browser profile, and warning
>prompts are issued when crossing origins, preventing data from
>being shared between origin domains within the browser. This actually
>disables the mechanism exploited by resource-keyed tracking.
>
>How it works is: each browser process is constrained to a single
>origin. Any navigation away from the process-constant origin gets a
>new browser process. The design of surf made it straightforward to
>implement, since it already behaved 90% the way I needed.
>
>You still get ads, but they are less targeted. Cookies still work, but
>third party cookies are stored per origin domain. For example, each
>website you go to will get a separate google cookie. You can still be
>tracked *within* a site through cookies.
>
>You will want to obscure your IP address, too. I consider that a separate issue.
>
>There are some issues remaining:
> 1. POST data that crosses origins isn't preserved, so many
>authentication systems don't work.
> 2. You may need to symlink some profiles together to get, for
>example, google's SSO to work. The profiles for gmail.com and
>accounts.google.com need to be symlinked to log into gmail.
> 3. The header scrambling has some known issues worked out on this
>mailing list.
>
>My experimental branch is here:
>https://github.com/legitparty/surf-isolated
>
>In that branch, use the -O flag to enable the feature. I use `surf -g
>-p -O -D example.com`
>
>--
>
>Take a look at my commits, and it might be clear to you where and how
>to do filtering. If not, just ask, and I will explain, but I encourage
>you to first just dive into the code. In fact, just opening surf.c
>from the official git repo could have told you the answer to your
>question in very little time. It really is *minimal*.
>
>Cheers,
>
>Ben
>
>On 7/6/15, Pickfire <pickfire_AT_riseup.net> wrote:
>> Hi, does surf implement tracking protection which disables sites from
>> tracking using cookies and it is said that it could improve performance in
>> Firefox for up to 44%.
>>
>> Thanks.
Received on Tue Jul 07 2015 - 08:02:44 CEST
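
Added example, not part of the original thread and not code from surf or surf-isolated: a small C model of the per-origin cookie storage described in the quoted reply, showing why a third party gets a separate cookie on each site yet can still recognise the user within one site. The `jar` structure, the functions `cookie_for` and `ids_seen_by`, and all hostnames are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: one cookie jar entry = (profile, cookie host, id). */
struct cookie { const char *profile; const char *host; int id; };
struct jar { struct cookie c[32]; int n; int next_id; int isolated; };

/* Return the cookie id `host` receives while the user is on `origin`.
 * Shared mode: one profile for everything. Isolated mode: one profile
 * per origin domain, so the lookup key includes the visited origin. */
static int cookie_for(struct jar *j, const char *origin, const char *host)
{
	const char *profile = j->isolated ? origin : "default";
	for (int i = 0; i < j->n; i++)
		if (!strcmp(j->c[i].profile, profile) && !strcmp(j->c[i].host, host))
			return j->c[i].id;
	if (j->n == 32)
		return -1; /* jar full */
	j->c[j->n] = (struct cookie){ profile, host, ++j->next_id };
	return j->c[j->n++].id;
}

/* Visit each site (all embed the same third party) and count how many
 * different ids the third party ends up seeing for this one user. */
static int ids_seen_by(int isolated, const char *third_party)
{
	static const char *visits[] = { "news.example", "shop.example",
	                                "news.example", "blog.example" };
	struct jar j = { .isolated = isolated };
	int seen[8], nseen = 0;
	for (size_t v = 0; v < sizeof visits / sizeof *visits; v++) {
		int id = cookie_for(&j, visits[v], third_party), dup = 0;
		for (int k = 0; k < nseen; k++)
			dup |= (seen[k] == id);
		if (!dup)
			seen[nseen++] = id;
	}
	return nseen;
}

int main(void)
{
	printf("shared profile:   %d id(s)\n", ids_seen_by(0, "ads.example"));
	printf("isolated profile: %d id(s)\n", ids_seen_by(1, "ads.example"));
	return 0;
}
```

With a shared profile the third party sees one id across every site; with per-origin profiles it sees one id per visited site, and the repeat visit to `news.example` reuses that site's id.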