Revision bb4f9069
orfox-spec.txt | ||
---|---|---|
5 | 5 |
- The Orfox code is currently almost the exact replica of Fennec and the build instructions can be found at https://wiki.mozilla.org/Mobile/Fennec/Android#Building_Fennec. Once successfully built, this source produces a folder named android_eclipse which is where the main Fennec Browser app code is present. |
6 | 6 |
|
7 | 7 |
2. Proposed Changes |
8 |
- The aim of Orfox is to match the specs of the tor browser bundle for the desktop. We plan on making it an almost exact replica of the desktop app in order to provide a similar user experience to people who have been using the desktop browser. This newly implemented browser would hopefully be a replacement application to the current Orweb app that we have. |
|
8 |
- The aim of Orfox is to match the specs of the tor browser bundle for the desktop. |
|
9 |
We plan on making it an almost exact replica of the desktop app in order to provide |
|
10 |
a similar user experience to people who have been using the desktop browser. |
|
11 |
This newly implemented browser would hopefully be a replacement application to |
|
12 |
the current Orweb app that we have. |
|
13 |
|
|
14 |
We will match the Tor Browser design and re-use code/patches when at all possible: |
|
15 |
https://www.torproject.org/projects/torbrowser/design/ |
|
9 | 16 |
|
10 | 17 |
Match Tor Browser Desktop spec: |
11 | 18 |
- Bundling Add-ons: HTTPS Everywhere, No Script, Clean Exit |
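Review bot: New lines 14-15 commit the spec to matching the Tor Browser design "when at all possible" but give no place where the exceptions are recorded, so a reader cannot tell which design requirements Orfox does not yet meet. Suggest adding a short list of known deviations under section 2, or stating explicitly that none are known, and noting which revision of the design document the comparison was made against.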
... | ... | |
21 | 28 |
5. Positives |
22 | 29 |
- The vulnerabilities seen at http://xordern.net/ip-leakage-of-mobile-tor-browsers.html are not seen on Orfox. |
23 | 30 |
|
24 |
****** |
|
25 |
|
|
26 |
Here are the privacy-enhancing preferences that are on by default: |
|
27 |
|
|
28 |
Match Tor Browser "generic" user-agent: |
|
29 |
|
|
30 |
setUserAgent("Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0","en-us,en;q=0.5"); |
|
31 |
|
|
32 |
Turn on proxying to local Tor / Orbot proxying by default: |
|
33 |
|
|
34 |
PrefsHelper.setPref("network.proxy.type",1); //manual proxy settings |
|
35 |
|
|
36 |
PrefsHelper.setPref("network.proxy.http","localhost"); //manual proxy settings |
|
37 |
PrefsHelper.setPref("network.proxy.http_port",8118); //manual proxy settings |
|
38 |
|
|
39 |
PrefsHelper.setPref("network.proxy.socks","localhost"); //manual proxy settings |
|
40 |
PrefsHelper.setPref("network.proxy.socks_port",9050); //manual proxy settings |
|
41 |
PrefsHelper.setPref("network.proxy.socks_version",5); //manual proxy settings |
|
42 |
PrefsHelper.setPref("network.proxy.socks_remote_dns",true); //make sure dns is remote |
|
43 |
|
|
44 |
//turn off any DNS optimization outside of standard flow |
|
45 |
PrefsHelper.setPref("network.dns.disablePrefetch",true); |
|
46 |
PrefsHelper.setPref("network.dns.disablePrefetchFromHTTPS",true); |
|
47 |
|
|
48 |
|
|
49 |
Disable dish cacheing: |
|
50 |
|
|
51 |
PrefsHelper.setPref("browser.cache.disk.enable",false); |
|
52 |
PrefsHelper.setPref("browser.cache.memory.enable",true); |
|
53 |
|
|
54 |
PrefsHelper.setPref("browser.cache.disk.capacity",0); |
|
55 |
|
|
56 |
Ensure data is cleared on shutdown: |
|
57 |
|
|
58 |
PrefsHelper.setPref("privacy.clearOnShutdown.cache",true); |
|
59 |
PrefsHelper.setPref("privacy.clearOnShutdown.cookies",true); |
|
60 |
PrefsHelper.setPref("privacy.clearOnShutdown.downloads",true); |
|
61 |
PrefsHelper.setPref("privacy.clearOnShutdown.formdata",true); |
|
62 |
PrefsHelper.setPref("privacy.clearOnShutdown.history",true); |
|
63 |
PrefsHelper.setPref("privacy.clearOnShutdown.offlineApps",true); |
|
64 |
PrefsHelper.setPref("privacy.clearOnShutdown.passwords",true); |
|
65 |
PrefsHelper.setPref("privacy.clearOnShutdown.sessions",true); |
|
66 |
PrefsHelper.setPref("privacy.clearOnShutdown.siteSettings",true); |
|
67 |
|
|
68 |
Do Not Track! |
|
69 |
|
|
70 |
PrefsHelper.setPref("privacy.donottrackheader.enabled",false); |
|
71 |
PrefsHelper.setPref("privacy.donottrackheader.value",1); |
|
72 |
|
|
73 |
Disable 3rd party cookies: |
|
74 |
|
|
75 |
PrefsHelper.setPref("network.cookie.cookieBehavior", 1); |
|
76 |
|
|
77 |
Don't send a referrer: PrefsHelper.setPref("network.http.sendRefererHeader", 0); |
|
78 |
|
|
79 |
Make sure certificates are up-to-date: |
|
80 |
PrefsHelper.setPref("security.OCSP.require", true); |
|
81 |
PrefsHelper.setPref("security.checkloaduri",true); |
|
82 |
|
|
83 |
Don't display mixed content (i.e. not secure content on a secure page) |
|
84 |
PrefsHelper.setPref("security.mixed_content.block_display_content", true); |
|
85 |
|
|
86 |
Disable peer-to-peer WebRTC leak: |
|
87 |
PrefsHelper.setPref("media.peerconnection.enabled",false); //webrtc disabled |
|
88 |
|
|
89 |
Disable ciphersuites that are not safe: |
|
90 | 31 |
|
91 |
//disable rc4 |
|
92 |
PrefsHelper.setPref("security.ssl3.ecdh_ecdsa_rc4_128_sha",false); |
|
93 |
PrefsHelper.setPref("security.ssl3.ecdh_rsa_rc4_128_sha",false); |
|
94 |
PrefsHelper.setPref("security.ssl3.ecdhe_ecdsa_rc4_128_sha",false); |
|
95 |
PrefsHelper.setPref("security.ssl3.ecdhe_rsa_rc4_128_sha",false); |
|
96 |
PrefsHelper.setPref("security.ssl3.rsa_rc4_128_md5",false); |
|
97 |
PrefsHelper.setPref("security.ssl3.rsa_rc4_128_sha",false); |
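Review bot: At new lines 68-71 the "Do Not Track!" heading is followed by privacy.donottrackheader.enabled set to false while the next line still sets privacy.donottrackheader.value to 1, so the spec does not say whether the header is meant to be sent. State the intended behaviour in the heading and make the two prefs agree with it. Smaller points in the same hunk: "Disable dish cacheing" at new line 49 should read "Disable disk caching"; new line 77 puts the referrer pref on the heading line, unlike every other entry; the hard-coded Firefox/17.0 user agent at new line 30 needs a sentence on how it is kept in step with the Tor Browser value; and new lines 36-42 configure an HTTP proxy on port 8118 alongside the SOCKS proxy on 9050, so the text should say which one is expected to carry traffic, since network.proxy.socks_remote_dns only governs the SOCKS path.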