privacytests.org
privacytests.org copied to clipboard
privacytests
FF normal window mode with ETP strict
This would be a great addition, drop all those others if you need room (j/k)
TBH, I think once they get IDB and service workers into PB Mode windows, there won't be much difference (mostly sanitizing and disk avoidance (memory) or session-encrypted disk writes) - IDK the roadmap on that, it's been a few years - you'd know better than me
There are some differences, although I don't know if my tests would distinguish any at this point. But still it's something pretty easy to add so I will plan to do this at some point.
rather than create a new issue or email you ... FYI
- what's on this list not in your tests - IANAE but e.g. I don't see DNS, WebSocket, OCSP, HKPK in a very quick first glance
- note: websocket dFPI/FPI was added in FF92+
- also https://groups.google.com/g/mozilla.dev.platform/c/uDYrtq1Ne3A - I don't see CORS pre-flight, preconnect, Intermediate CA cache, speculative connections, or connection pooling
I don't know what you can or want to test, ~~and~~ or if some of those are aliases/redundant (e.g. under prefetch) - I'll just leave this in your capable hands
rather than create a new issue or email you ... FYI
* what's on [this list](https://privacycg.github.io/storage-partitioning/) not in your tests - IANAE but e.g. I don't see DNS, WebSocket, OCSP, HKPK in a very quick first glance * note: websocket dFPI/FPI was added in FF92+ * also https://groups.google.com/g/mozilla.dev.platform/c/uDYrtq1Ne3A - I don't see CORS pre-flight, preconnect, Intermediate CA cache, speculative connections, or connection poolingI don't know what you can or want to test, ~and~ or if some of those are aliases/redundant (e.g. under prefetch) - I'll just leave this in your capable hands
Yep, I want to test all of these. They're on my list. Some are pretty hard to do unfortunately. But we will see!
This will be a redundant exercise once the ETP Strict roll out finishes
By the end of the rollout program, TCP will be set as default to 100% of users
Feel free to close :)
This will be a redundant exercise once the ETP Strict roll out finishes
Not entirely redundant, because there are other differences between Standard and Strict. :)
there are other differences between Standard and Strict. :)
There are differences between FPI and non-FPI, but it's a bit pointless testing Tor Browser with FPI disabled :)
The default will be ETP Strict for everyone. TCP is ETP Strict :)
The default will be ETP Strict for everyone. TCP is ETP Strict :)
There's much more in ETP Strict than just TCP! :) Most importantly: blocking tracking scripts.
OK, then we have a different understandings of the mechanics of TCP. You should know way more than me :)
Currently it is only used in Strict mode (ignoring custom). Then I have misunderstood that rollout to mean rollout to ETP Strict - but based on your comment it must means dFPI/TCP is rolled out in ETP Standard - right? In which case, indeed, my original OP stands
There's much more in ETP Strict than just TCP
Oh I know that, and in PB mode (browser.contentblocking.features.strict) - OP was about normal windows, so I was ignoring the referer, oscp, upcoming font etc additions - was just looking at the dFPI part
Sorry, not sorry, about the noise :)