Search completed in 0.91 seconds.
Privacy, permissions, and information security
cooperation among web content, the web browser, and the web server is needed to achieve as much
privacy and information security as possible.
... security and
privacy defined before we go into any depth about the various security and
privacy features available to users on the web, let's define some important terms.
...
privacy the concept of
privacy is somewhat hard to define.
...And 8 more matches
Referer header: privacy and security concerns - Web security
there are
privacy and security risks associated with the referer http header.
... policy and requirements it would make sense to write a set of security and
privacy requirements for your project team(s) that specify usage of such features to mitigate the associated risks.
Privacy
this document lists
privacy-related documentation.
Privacy and the :visited selector - CSS: Cascading Style Sheets
little white lies to preserve users'
privacy, firefox and other browsers will lie to web applications under certain circumstances: the window.getcomputedstyle method, and similar functions such as element.queryselector, will always return values indicating that a user has never visited any of the links on a page.
Localization content best practices
dtd files <!-- localization note (entity name): {{
privacy}} will be replaced at run-time by an active link.
... the string '
privacy-link' will be used as text for this link.
... --> properties files # localization note(
privacy-text): {{
privacy}} will be replaced at run-time by an # active link.
...And 8 more matches
Mozilla Crypto FAQ - Archive of obsolete content
will we be able to use gnu
privacy guard or other pgp versions with mozilla?
...based on statements made in various internet forums it appears that the developers of gnu
privacy guard may create a plugin module to support invocation of gnupg functionality from mozilla; network associates may also create a commercial pgp plugin for mozilla.
... the cryptography policy page maintained by the electronic
privacy information center (epic).
...And 7 more matches
Index - MDN Web Docs Glossary: Definitions of Web-related terms
75 cipher cryptography, glossary,
privacy, security in cryptography, a cipher is an algorithm that can encode cleartext to make it unreadable, and to decode it back.
... 77 ciphertext cryptography, glossary,
privacy, security in cryptography, a ciphertext is a scrambled message that conveys information but is not legible unless decrypted with the right cipher and the right secret (usually a key), reproducing the original cleartext.
... 96 cryptanalysis cryptography, glossary,
privacy, security cryptanalysis is the branch of cryptography that studies how to break codes and cryptosystems.
...And 6 more matches
Supporting per-window private browsing - Archive of obsolete content
} } catch(e) { components.utils.reporterror(e); return; } } obtaining an nsiloadcontext for
privacy-sensitive apis some apis (such as nsitransferable and nsiwebbrowserpersist) take nsiloadcontext arguments that are used to determine whether they should be classed as private or not (for example, whether the uri being persisted by saveuri should be added to the permanent download history).
... to do this, import resource://gre/modules/privatebrowsingutils.jsm and use privatebrowsingutils.get
privacycontextfromwindow(win), passing a window object that is related to the content in question.
...if some action triggered by a chrome element (such as a button) requires an api that takes a
privacy context, the most relevant window is the one that contains the chrome element.
...And 5 more matches
nsIWebBrowserPersist
void savedocument(in nsidomdocument adocument, in nsisupports afile, in nsisupports adatapath, in string aoutputcontenttype, in unsigned long aencodingflags, in unsigned long awrapcolumn); void saveuri(in nsiuri auri, in nsisupports acachekey, in nsiuri areferrer, in long areferrerpolicy, in nsiinputstream apostdata, in string aextraheaders, in nsisupports afile, in nsiloadcontext a
privacycontext); void save
privacyawareuri(in nsiuri auri, in nsisupports acachekey, in nsiuri areferrer, in long areferrerpolicy, in nsiinputstream apostdata, in string aextraheaders, in nsisupports afile, in boolean aisprivate); attributes attribute type description currentstate unsigned long current state of the persister object.
... void saveuri( in nsiuri auri, in nsisupports acachekey, in nsiuri areferrer, in long areferrerpolicy, in nsiinputstream apostdata, in string aextraheaders, in nsisupports afile, in nsiloadcontext a
privacycontext ); parameters auri uri to save to file.
... a
privacycontext a context derived from a relevant window or document (eg.
...And 5 more matches
Downloading Files - Archive of obsolete content
components.utils.import("resource://gre/modules/privatebrowsingutils.jsm"); const webbrowserpersist = components.constructor("@mozilla.org/embedding/browser/nswebbrowserpersist;1", "nsiwebbrowserpersist"); var persist = webbrowserpersist(); var targetfile = services.dirsvc.get("desk", ci.nsifile); targetfile.append("file.bin"); // obtain the
privacy context of the browser window that the url // we are downloading comes from.
...var
privacy = privatebrowsingutils.
privacycontextfromwindow(urlsourcewindow); persist.persistflags = persist.persist_flags_from_cache | persist.persist_flags_replace_existing_files; persist.saveuri(uritosave, null, null, null, "", targetfile,
privacy); if you don't need detailed progress information, you might be happier with nsidownloader.
...ingutils.jsm"); const webbrowserpersist = components.constructor("@mozilla.org/embedding/browser/nswebbrowserpersist;1", "nsiwebbrowserpersist"); var persist = webbrowserpersist(); var targetfile = services.dirsvc.get("desk", ci.nsifile); targetfile.append("file.bin"); var obj_uri = services.io.newuri(aurltodownload, null, null); // obtain the
privacy context of the browser window that the url // we are downloading comes from.
...And 4 more matches
Updating addons broken by private browsing changes - Archive of obsolete content
moziasyncfavicons/nsifaviconservice: setandfetchfaviconforpage/setandloadfaviconforpage now take a required
privacy status argument, either nsifaviconservice.favicon_load_private or nsifaviconservice.favicon_load_non_private.
... nsicontentprefservice: getpref, setpref, haspref, hascachedpref, removepref, removegroupedprefs, removeprefsbyname, getprefs, and getprefsbyname all take a required nsiloadcontext argument to indicate the
privacy status of the pref in question.
... use privatebrowsingutils.get
privacycontextfromwindow(win) to obtain it from the relevant window.
...And 2 more matches
Using the clipboard
r the built-in transferable class const nstransferable = components.constructor("@mozilla.org/widget/transferable;1", "nsitransferable"); // create a wrapper to construct an nsitransferable instance and set its source to the given window, when necessary function transferable(source) { var res = nstransferable(); if ('init' in res) { // when passed a window object, find a suitable
privacy context for it.
... if (source instanceof ci.nsidomwindow) // note: in gecko versions >16, you can import the privatebrowsingutils.jsm module // and use privatebrowsingutils.
privacycontextfromwindow(sourcewindow) instead source = source.queryinterface(ci.nsiinterfacerequestor) .getinterface(ci.nsiwebnavigation); res.init(source); } return res; } here, the string "text to copy" will be copied but you can replace this with the text string that you want to copy.
...next we need to initialize it with a "
privacy context", which will ensure that source data from inside private browsing mode will be cleared when the mode is exited.
...And 2 more matches
Using the Screen Capture API - Web APIs
note: for
privacy and security reasons, screen sharing sources are not enumerable using enumeratedevices().
... security as is always the case when sharing content over a network, it's important to consider the
privacy and safety implications of screen sharing.
... potential risks
privacy and security issues surrounding screen sharing are usually not overly serious, but they do exist.
...And 2 more matches
:visited - CSS: Cascading Style Sheets
for
privacy reasons, the styles that can be modified using this selector are very limited.
... styling restrictions for
privacy reasons, browsers strictly limit which styles you can apply using this pseudo-class, and how they can be used: allowable css properties are color, background-color, border-color, border-bottom-color, border-left-color, border-right-color, border-top-color, column-rule-color, outline-color, text-decoration-color, and text-emphasis-color.
... note: for more information on these limitations and the reasons behind them, see
privacy and the :visited selector.
...And 2 more matches
MCD, Mission Control Desktop, AKA AutoConfig - Archive of obsolete content
[root@calaz firefox]# cat firefox.cfg //put everything in a try/catch try { //
privacy & security defaultpref("signon.remembersignons", false); //proxy and cache, as it is on nfs volume, we don't want cache lockpref("browser.cache.disk.capacity", 0); lockpref("network.cookie.cookiebehavior", 0); defaultpref("network.proxy.autoconfig_url", "http://wpad.int-evry.fr/wpad.dat"); defaultpref("network.proxy.type", 2); lockpref("network.protocol-handler.app.mailto", "/usr/bin/thunderbird...
...uild platform target i686-pc-linux-gnu build tools compiler version compiler flags gcc gcc version 3.4.3 20050227 (red hat 3.4.3-22.fc3) -wall -w -wno-unused -wpointer-arith -wcast-align -wno-long-long -pedantic -pthread -pipe c++ gcc version 3.4.3 20050227 (red hat 3.4.3-22.fc3) -fno-rtti -fno-exceptions -wall -wconversion -wpointer-arith -wcast-align -woverloaded-virtual -wsynth -wno-ctor-dtor-
privacy -wno-non-virtual-dtor -wno-long-long -pedantic -fshort-wchar -pthread -pipe -i/usr/x11r6/include configure arguments --disable-mailnews --enable-extensions=cookie,xml-rpc,xmlextras,pref,transformiix,universalchardet,webservices,inspector,gnomevfs,negotiateauth --enable-crypto --disable-composer --enable-single-profile --disable-profilesharing --with-system-jpeg --with-system-zlib --with-system-p...
... [root@b008-02 /usr/lib/firefox-1.5.0.2] $cat firefox.cfg //put everything in a try/catch try { //
privacy & security defaultpref("signon.remembersignons", false); // 1) env variables if(getenv("user") != "") { // *nix settings var env_user = getenv("user"); var env_home = getenv("home"); } else { // windows settings var env_user = getenv("username"); var env_home = getenv("homepath"); } var env_mozdebug = getenv("mozilla_debug"); /* 2) define here (because if set after "3)" below it doe...
...up.homepage_override", true); lockpref("startup.homepage_override_url", "http://www.int-evry.fr/s2ia/portail/"); //unlockpref("startup.homepage_override_url"); lockpref("browser.cache.disk.capacity", 100); lockpref("network.cookie.cookiebehavior", 0); //network preferences lockpref("network.proxy.autoconfig_url", "http://www.int-evry.fr/local/config.proxy"); lockpref("network.proxy.type", 2); //
privacy & security defaultpref("signon.remembersignons", false); //account lockpref("mail.account.account1.identities", "id1"); lockpref("mail.account.account1.server", "server1"); lockpref("mail.account.account2.server", "server2"); lockpref("mail.account.account3.server", "server3"); lockpref("mail.accountmanager.accounts", "account1,account2,account3"); lockpref("mail.accountmanager.defaultaccount", ...
nsICookieService
this parameter may be null, but it is strongly recommended that a non-null value be provided to ensure that the cookie
privacy preferences are honored.
...this parameter may be null, but it is strongly recommended that a non-null value be provided to ensure that the cookie
privacy preferences are honored.
...this parameter may be null, but it is strongly recommended that a non-null value be provided to ensure that the cookie
privacy preferences are honored.
...this parameter may be null, but it is strongly recommended that a non-null value be provided to ensure that the cookie
privacy preferences are honored.
MediaDevices.getUserMedia() - Web APIs
while information about a user's cameras and microphones are inaccessible for
privacy reasons, an application can request the camera and microphone capabilities it needs and wants, using additional constraints.
...
privacy and security as an api that may involve significant
privacy concerns, getusermedia()'s specification lays out a wide array of
privacy and security requirements that browsers are obligated to meet.
... for additional details on these requirements and rules, how they are reflected in the context in which your code is running, and about how browsers manage user
privacy and security issues, read on.
... user
privacy as an api that may involve significant
privacy concerns, getusermedia() is held by the specification to very specific requirements for user notification and permission management.
<img>: The Image Embed element - HTML: Hypertext Markup Language
there are many other attributes to achieve various purposes: referrer/cors control for security and
privacy: see crossorigin and referrerpolicy.
...there are a number of situations in which a browser might not display images, such as: non-visual browsers (such as those used by people with visual impairments) the user chooses not to display images (saving bandwidth,
privacy reasons) the image is invalid or an unsupported type in these cases, the browser may replace the image with the text in the element's alt attribute.
... security and
privacy concerns although <img> elements have innocent uses, they can have undesirable consequences for user security and
privacy.
... see referer header:
privacy and security concerns for more information and mitigations.
Index
169
privacy privacy, security this document lists
privacy-related documentation.
... 170 storage access policy: block cookies from trackers
privacy, storage access policy, tracking protection firefox includes a new storage access policy that blocks cookies and other site data from third-party tracking resources.
... 171 tracking protection
privacy, private browsing, blocking, tracking starting in version 42, firefox desktop and firefox for android include built-in tracking protection.
Notes on TLS - SSL 3.0 Intolerant Servers
you can also avoid such a problem by editing an existing profile -- check the preference option setting at: edit | preferences |
privacy and security | ssl | enable tls, and turn it off if it is on for these earlier browsers.
... post a note on your site instructing users of old versions of browsers like netscape 6.0/6.01/6.1 preview release 1 and mozilla 0.9.1 and earlier to turn off the tls option at: edit | preferences |
privacy and security | ssl | enable tls.
... when you find a secure site which simply does not display any page content or drops the connection, check to see if the preference option edit | preferences |
privacy and security | ssl | enable tls is turned on.
sslerr.html
only password integrity and
privacy modes supported.
... sec_error_pkcs12_
privacy_password_incorrect -8107 unable to import.
... incorrect
privacy password.
Setting HTTP request headers
throw components.results.ns_error_no_interface; return this; }, createinstance: function (outer, iid) { log("----------------------------> createinstance"); return new myhttplistener(); } }, canunload: function(compmgr) { return true; } }; function nsgetmodule(compmgr, filespec) { return mymodule; }
privacy and security good practice a use case for setting specific a http request header is to have a specific web site be able to check if a specific plugin / addon / extension is installed.
...by not advertising to all sites what extensions are installed this improves both
privacy (this makes it harder to track a user known by his set of plugins, addons and extensions) and security (some plugins, addons and extensions may be known to have flaws by attackers).
... with this
privacy and security addition the code to use becomes: observe: function(subject, topic, data) { if (topic == "http-on-modify-request") { var httpchannel = subject.queryinterface(ci.nsihttpchannel); if (/site.net/.test(httpchannel.originaluri.host)) { httpchannel.setrequestheader("x-hello", "world", false); } } }, ...
Animation.currentTime - Web APIs
in firefox, the
privacy.reducetimerprecision preference is enabled by default and defaults to 20us in firefox 59; in 60 it will be 2ms.
... // reduced time precision with `
privacy.resistfingerprinting` enabled animation.currenttime; // 49.8 // 50.6 // 51.7 // ...
... in firefox, you can also enabled
privacy.resistfingerprinting, the precision will be 100ms or the value of
privacy.resistfingerprinting.reducetimerprecision.microseconds, whichever is larger.
Animation.startTime - Web APIs
in firefox, the
privacy.reducetimerprecision preference is enabled by default and defaults to 20us in firefox 59; in 60 it will be 2ms.
... // reduced time precision with `
privacy.resistfingerprinting` enabled animation.starttime; // 49.8 // 50.6 // 51.7 // ...
... in firefox, you can also enabled
privacy.resistfingerprinting, the precision will be 100ms or the value of
privacy.resistfingerprinting.reducetimerprecision.microseconds, whichever is larger.
AnimationPlaybackEvent.currentTime - Web APIs
in firefox, the
privacy.reducetimerprecision preference is enabled by default and defaults to 20us in firefox 59; in 60 it will be 2ms.
... // reduced time precision with `
privacy.resistfingerprinting` enabled playbackevent.currenttime; // 49.8 // 50.6 // 51.7 // ...
... in firefox, you can also enabled
privacy.resistfingerprinting, the precision will be 100ms or the value of
privacy.resistfingerprinting.reducetimerprecision.microseconds, whichever is larger.
AnimationTimeline.currentTime - Web APIs
in firefox, the
privacy.reducetimerprecision preference is enabled by default and defaults to 20us in firefox 59; in 60 it will be 2ms.
... // reduced time precision with `
privacy.resistfingerprinting` enabled animationtimeline.currenttime; // 49.8 // 50.6 // 51.7 // ...
... in firefox, you can also enable
privacy.resistfingerprinting; the precision will be 100ms or the value of
privacy.resistfingerprinting.reducetimerprecision.microseconds, whichever is larger.
BaseAudioContext.currentTime - Web APIs
in firefox, the
privacy.reducetimerprecision preference is enabled by default and defaults to 20us in firefox 59; in 60 it will be 2ms.
... // reduced time precision with `
privacy.resistfingerprinting` enabled audioctx.currenttime; // 49.8 // 50.6 // 51.7 // ...
... in firefox, you can also enabled
privacy.resistfingerprinting, the precision will be 100ms or the value of
privacy.resistfingerprinting.reducetimerprecision.microseconds, whichever is larger.
DOMHighResTimeStamp - Web APIs
in firefox, the
privacy.reducetimerprecision preference is enabled by default and defaults to 20 µs in firefox 59; in 60 it will be 2ms.
... // reduced time precision with `
privacy.resistfingerprinting` enabled event.timestamp; // 1519129853500 // 1519129858900 // 1519129864400 // ...
... in firefox, you can also enable
privacy.resistfingerprinting, the precision will be 100ms or the value of
privacy.resistfingerprinting.reducetimerprecision.microseconds, whichever is larger.
Event.timeStamp - Web APIs
in firefox, the
privacy.reducetimerprecision preference is enabled by default and defaults to 20us in firefox 59; in 60 it will be 2ms.
... // reduced time precision with `
privacy.resistfingerprinting` enabled event.timestamp; // 1519129853500 // 1519129858900 // 1519129864400 // ...
... in firefox, if you also enable
privacy.resistfingerprinting, the precision will be 100ms or the value of
privacy.resistfingerprinting.reducetimerprecision.microseconds, whichever is larger.
File.lastModified - Web APIs
in firefox, the
privacy.reducetimerprecision preference is enabled by default and defaults to 20us in firefox 59; in 60 it will be 2ms.
... // reduced time precision with `
privacy.resistfingerprinting` enabled somefile.lastmodified; // 1519129853500 // 1519129858900 // 1519129864400 // ...
... in firefox, you can also enabled
privacy.resistfingerprinting, the precision will be 100ms or the value of
privacy.resistfingerprinting.reducetimerprecision.microseconds, whichever is larger.
File.lastModifiedDate - Web APIs
in firefox, the
privacy.reducetimerprecision preference is enabled by default and defaults to 20us in firefox 59; in 60 it will be 2ms.
... // reduced time precision with `
privacy.resistfingerprinting` enabled somefile.lastmodifieddate.gettime(); // 1519129853500 // 1519129858900 // 1519129864400 // ...
... in firefox, you can also enable
privacy.resistfingerprinting, the precision will be 100ms or the value of
privacy.resistfingerprinting.reducetimerprecision.microseconds, whichever is larger.
Index - Web APIs
for
privacy reasons, the user is asked for permission to report location information.
...in modern browsers this property now returns a fixed timestamp as a
privacy measure, e.g.
...also, the lower and upper bounds are used to protect
privacy of owners of very low- or high-end devices.
performance.now() - Web APIs
in firefox, the
privacy.reducetimerprecision preference is enabled by default and defaults to 1ms.
... // reduced time precision with `
privacy.resistfingerprinting` enabled performance.now(); // 8865400 // 8866200 // 8866700 // ...
... in firefox, you can also enable
privacy.resistfingerprinting — this changes the precision to 100ms or the value of
privacy.resistfingerprinting.reducetimerprecision.microseconds, whichever is larger.
WEBGL_debug_renderer_info - Web APIs
depending on the
privacy settings of the browser, this extension might only be available to privileged contexts.
... availability: depending on the
privacy settings of the browser, this extension might only be available to privileged contexts or not work at all.
... in firefox, if
privacy.resistfingerprinting is set to true, this extensions is disabled.
Content negotiation - HTTP
the information by the client is quite verbose (http/2 header compression mitigates this problem) and a
privacy risk (http fingerprinting) as several representations of a given resource are sent, shared caches are less efficient and server implementations are more complex.
... with utf-8 now being well-supported, being the preferred way of encoding characters, and to guarantee better
privacy through less configuration-based entropy, browsers omit the accept-charset header: internet explorer 8, safari 5, opera 11, firefox 10 and chrome 27 have abandoned this header.
...the more precise headers are sent, the more entropy is sent, allowing for more http fingerprinting and corresponding
privacy concern.
Using HTTP cookies - HTTP
tracking and
privacy third-party cookies a cookie is associated with a domain.
... cookie-related regulations legislation or regulations that cover the use of cookies include: the general data
privacy regulation (gdpr) in the european union the e
privacy directive in the eu the california consumer
privacy act these regulations have global reach, because they apply to any site on the world wide web that is accessed by users from these jurisdictions (the eu and california, with the caveat that california's law applies only to entities with gross revenue over 25 million usd, among other things...
...these techniques violate the principles of user
privacy and user control, may violate data
privacy regulations, and could expose a website using them to legal liability.
HTTP Index - HTTP
45 http cookies advertising, browser, cookies, cookies article, guide, http, history, javascript,
privacy, protocols, server, storage, web development, data, request, tracking an http cookie (web cookie, browser cookie) is a small piece of data that a server sends to the user's web browser.
...it lets users indicate whether they would prefer
privacy rather than personalized content.
... 175 referrer-policy http, http header,
privacy, reference, referrer-policy, response, response header, referrer the referrer-policy http header controls how much referrer information (sent via the referer header) should be included with requests.
Date.prototype.getTime() - JavaScript
in firefox, the
privacy.reducetimerprecision preference is enabled by default and defaults to 20µs in firefox 59; in 60 it will be 2ms.
... // reduced time precision with `
privacy.resistfingerprinting` enabled new date().gettime(); // 1519129853500 // 1519129858900 // 1519129864400 // ...
... in firefox, you can also enable
privacy.resistfingerprinting, the precision will be 100ms or the value of
privacy.resistfingerprinting.reducetimerprecision.microseconds, whichever is larger.
Date.now() - JavaScript
in firefox, the
privacy.reducetimerprecision preference is enabled by default and defaults to 20µs in firefox 59; in 60 it will be 2ms.
... // reduced time precision with `
privacy.resistfingerprinting` enabled date.now(); // 1519129853500 // 1519129858900 // 1519129864400 // ...
... in firefox, you can also enable
privacy.resistfingerprinting, the precision will be 100ms or the value of
privacy.resistfingerprinting.reducetimerprecision.microseconds, whichever is larger.
XUL accessibility guidelines - Archive of obsolete content
for example, under the
privacy section of preferences there are three groupboxes captioned: history, cookies, and private data.
...for example, the first item in the
privacy panel in the firefox option dialog (discussed and shown above) is [checkbox] remember visited pages for the last [textbox] days.
Links and Resources
webxact™ from watchfire® corporation webxact™ is a free and complete online accessibility validation service that can test single pages for quality, accessibility and
privacy issues.
...just like webxact, it can also perform a "complete webpage quality check" for accessibility,
privacy, searchability, metadata and even alt text attribute quality.
Benchmarking
they are currently reduce to a multiple of 2ms; which is controlled by the
privacy.reducetimerprecision about:config flag.
... the exact value of the precision is controlled by the
privacy.resistfingerprinting.reducetimerprecision.microseconds about:config flag.
Reviewer Checklist
privacy issues there should be no logging of urls or content from which urls may be inferred.
... tag for
privacy review if needed.
Creating localizable web applications
bad: <a href="http://www.mozilla.com/
privacy-policy.html"><?= _('
privacy policy'); ?></a> snippet 2.
... good: css: a[hreflang="en"]::after { content: " [en]" } html/php: <a href="http://www.mozilla.com/
privacy-policy.html" hreflang="en"><?= _('
privacy policy'); ?></a> don't mingle app logic and localizable content when using pure html if you decide not to use gettext on some pages (e.g.
about:memory
note that in both cases the generated data contains
privacy-sensitive details such as the full list of the web pages you have open in other tabs.
...this will cause the
privacy-sensitive data to be stripped out, but it may also make it harder for others to investigate the memory usage.
nsIAnnotationService
otherwise, uris can exist in history as annotations but the user has no way of knowing it, potentially violating their
privacy expectations about actions such as clear history.
...otherwise, uris can exist in history as annotations but the user has no way of knowing it, potentially violating their
privacy expectations about actions such as clear history.
Examine and edit CSS - Firefox Developer Tools
if you have set
privacy.resistfingerprinting to true, prefers-color-scheme preference is overridden to light.
... in order to use this simulator, you must set
privacy.resistfingerprinting to false.
Using IndexedDB - Web APIs
also, indexeddb storage in browsers'
privacy modes only lasts in-memory until the incognito session is closed (private browsing mode for firefox and incognito mode for chrome, but in firefox this is not implemented yet as of april 2020 so you can't use indexeddb in firefox private browsing at all).
...(whether this is a good idea for
privacy is a different question, and outside the scope of this article.) if you need to look up a customer by name, however, you'll need to iterate over every ssn in the database until you find the right one.
NavigatorPlugins.plugins - Web APIs
in firefox 29 and later, enumeration of the navigator.plugins array may be restricted as a
privacy measure.
...this
privacy change does not disable any plugins; it just hides some plugin names from enumeration.
Using the Payment Request API - Web APIs
pportedpaymentmethodnames(), buildshoppingcartdetails()); request.canmakepayment().then(function(canmakeafastpayment) { if (canmakeafastpayment) { checkoutbutton.innertext = "fast checkout with w3c"; } else { checkoutbutton.innertext = "setup w3c checkout"; } }).catch(function(error) { // the user may have turned off the querying functionality in their //
privacy settings.
...let shouldcallpaymentrequest = true; let fallbacktolegacyonpaymentrequestfailure = false; (new paymentrequest(supportedpaymentmethods, {total: {label: 'stub', amount: {currency: 'usd', value: '0.01'}}}) .canmakepayment() .then(function(result) { shouldcallpaymentrequest = result; }).catch(function(error) { console.log(error); // the user may have turned off query ability in their
privacy settings.
SpeechRecognitionError.error - Web APIs
not-allowed the user agent disallowed any speech input from occurring for reasons of security,
privacy or user preference.
... service-not-allowed the user agent disallowed the requested speech recognition service, either because the user agent doesn't support it or because of reasons of security,
privacy or user preference.
SpeechRecognitionErrorEvent.error - Web APIs
not-allowed the user agent disallowed any speech input from occurring for reasons of security,
privacy or user preference.
... service-not-allowed the user agent disallowed the requested speech recognition service, either because the user agent doesn't support it or because of reasons of security,
privacy or user preference.
Lighting a WebXR setting - Web APIs
security and
privacy concerns there are a number of potential security issues involved with collecting all of this data in order to generate and apply lighting to your virtual objects using real-world data.
... ambient light sensor api the collection of light data using the ambient light sensor api introduces various potential
privacy issues.
<a>: The Anchor element - HTML: Hypertext Markup Language
0, 0, math.pi*2); c.closepath(); c.fill(); } } canvas.addeventlistener('mousemove', event => draw(event.offsetx, event.offsety) ); canvas.addeventlistener('mousedown', () => isdrawing = true); canvas.addeventlistener('mouseup', () => isdrawing = false); document.queryselector('a').addeventlistener('click', event => event.target.href = canvas.todataurl() ); result security and
privacy <a> elements can have consequences for users’ security and
privacy.
... see referer header:
privacy and security concerns for information.
Forwarded - HTTP
this header is used for debugging, statistics, and generating location-dependent content and by design it exposes
privacy sensitive information, such as the ip address of the client.
... therefore the user's
privacy must be kept in mind when deploying this header.
Index - HTTP
it lets users indicate whether they would prefer
privacy rather than personalized content.
... 95 referrer-policy http, http header,
privacy, reference, referrer-policy, response, referrer the referrer-policy http header governs which referrer information, sent in the referer header, should be included with requests made.
Referer - HTTP
important: although this header has many innocent uses it can have undesirable consequences for user security and
privacy.
... see referer header:
privacy and security concerns for more information and mitigations.
X-Forwarded-For - HTTP
this header is used for debugging, statistics, and generating location-dependent content and by design it exposes
privacy sensitive information, such as the ip address of the client.
... therefore the user's
privacy must be kept in mind when deploying this header.
X-Forwarded-Host - HTTP
this header is used for debugging, statistics, and generating location-dependent content and by design it exposes
privacy sensitive information, such as the ip address of the client.
... therefore the user's
privacy must be kept in mind when deploying this header.
Transport Layer Security - Web security
improve
privacy by encrypting more of the protocol.
...for the
privacy of client certificates, the encryption of the tls 1.3 handshake ensures that client certificates are encrypted; however this might require some software changes.
Web security
information leakage referer header policy:
privacy and security concerns there are
privacy and security risks associated with the referer http header.
...
privacy and the :visited selector before about 2010, the css :visited selector allowed websites to uncover a user's browsing history and figure out what sites the user had visited.
private-browsing - Archive of obsolete content
it returns true only if the object is: a private window, or a tab belonging to a private window, or a worker that's associated with a document hosted in a private window any window, tab, or worker if the browser has been configured to never remember history (options->
privacy->history) add-ons can use this api to decide whether or not to store user data.
JavaScript Client API - Archive of obsolete content
further, you agree (a) to maintain and link to (including on websites from which your third party client may be downloaded) a separate, conspicuous, and reasonably detailed
privacy policy detailing how data collected or transmitted by your third party client is managed and protected; (b) that your third party client will only store data in encrypted form on the firefox sync servers operated by mozilla; (c) that you and your third party client will use the firefox sync apis solely for their intended purpose; (d) that your third party client will not hide or mask its identity...
2006-11-10 - Archive of obsolete content
trunk / 1_8 for kurdish firefox the firefox translations of the kurdish are only in trunk translating the firefox
privacy policy the final and approved en-us version of
privacy policy is available here and ready for localization team to translate.
Plugins - Archive of obsolete content
supporting private browsing in plugins firefox 3.5 introduced support for private browsing; learn how to make your plugin respect the user's
privacy wishes.
Theme changes in Firefox 2 - Archive of obsolete content
adio[pane=panecontent]:hover radio[pane=panecontent][selected="true"] radio[pane=panefeeds] radio[pane=panefeeds]:active radio[pane=panefeeds]:hover radio[pane=panefeeds][selected="true"] radio[pane=panegeneral]:hover radio[pane=panegeneral][selected="true"] radio[pane=panemain] radio[pane=panemain]:active radio[pane=panemain]:hover radio[pane=panemain][selected="true"] radio[pane=pane
privacy]:hover radio[pane=pane
privacy][selected="true"] radio[pane=panesecurity] radio[pane=panesecurity]:active radio[pane=panesecurity]:hover radio[pane=panesecurity][selected="true"] radio[pane=panetabs]:hover radio[pane=panetabs][selected="true"] you may of course wish to change other styles as well.
Popup Window Controls - Archive of obsolete content
popup window controls configuration using the preference for
privacy & security > popup windows, users can: allow all sites to open popup windows except for sites which the user has explicity denied permission what popup windows are suppressed?
Mozilla’s UAAG evaluation report
(p1) p animated images can be made still with the escape key animated images can be made still as a preference under preferences,
privacy & security, images - "animated images should loop" mozilla has no preference or command to toggle audio or video 3.3 toggle animated/blinking text.
Experimental features in Firefox
nightly 81 yes developer edition — — beta — — release — — preference name — security and
privacy block plain text requests from flash on encrypted pages in order to help mitigate man-in-the-middle (mitm) attacks caused by flash content on encrypted pages, a preference has been added to treat object_subrequests as active content.
Tracking Protection
pt> function tracklink(url,event) { event.preventdefault(); if (window.ga && ga.loaded) { ga('send', 'event', 'outbound', 'click', url, { 'transport': 'beacon', 'hitcallback': function() { document.location = url; } }); } else { document.location = url; } } </script> more information about this technique is available at google analytics,
privacy, and event tracking.
Firefox and the "about" protocol
about:plugins displays information about installed plugins about:policies lists out the firefox for enterprise policies about:preferences firefox settings (also available through firefox menu > options) about:privatebrowsing start page when opening a private window about:profiles display and manage firefox profiles about:protections
privacy protections report consisting of enhanced tracking protection, firefox monitor and firefox lockwise data about:restartrequired a page users are sent to when firefox requires a restart due to an update about:reader indicates a web page has firefox reader view turned on.
Firefox
always keep in mind the side effects your changes may have, from blocking other tasks, to interfering with other user interface elements.
privacythis document lists
privacy-related documentation.security best practices for firefox front-end engineersthis article will help firefox developers understand the security controls in place and avoid common pitfalls when developing front-end code for firefox.site identity buttonthe site identity button is a feature in firefox that gives users more information about the sites they visit.
Localizing extension metadata on addons.mozilla.org
the localizable data fields of an extension are: name homepage summary description eula
privacy policy version notes developer comments when you submit a new extension to amo, the process is divided into several steps.
Reporting a Performance Problem
note that while it's possible to strip profiles of potentially
privacy sensitive information, the less information a profile contains, the harder it is to analyze and turn into actionable data.
Phishing: a short definition
a study on the efficacy of security indicators, presented at the 2007 ieee symposium on security and
privacy, suggests that the above countermeasures fail to protect the majority of users.
A brief guide to Mozilla preferences
preferences files to protect
privacy by preventing inadvertent loading of a preferences file in the browser, the first line of the file is made un-parseable and skipped on loading.
FC_InitToken
the "reset password" button of the mozilla application suite and seamonkey (in preferences->
privacy & security->master passwords) calls fc_inittoken().
NSC_InitToken
the "reset password" button of the mozilla application suite and seamonkey (in preferences->
privacy & security->master passwords) calls nsc_inittoken().
Life After XUL: Building Firefox Interfaces with HTML
problems / solutions: accessibility localization caching for working offline / pre-caching for snappy first run visual performance / jank security
privacy operations tooling build process third-party library use and management ...
History Service Design
expiration expiration is an important part of data management for two reasons:
privacy: expiring data based on user interaction is important, nothing must be left behind on a page removal database maintenance: having cleaner and smaller tables helps queries performances expiration is done at certain moments, but in future will most likely be moved to async queries, to be executed on a separate thread.
Components.utils.Sandbox
the protection is bidirectional: the caller sees the bonafide dom objects without being confused by sneakily-redefined properties, and the target receives appropriate
privacy from having its expandos inspected by untrusted callers.
nsIConsoleService
reset() to clear the message buffer (for example, for
privacy reasons): void reset(); parameters none.
nsIJumpListBuilder
common uses would be the enabling of a
privacy mode and uninstallation.
nsIRequest
inhibit_persistent_caching 1 << 8 this flag prevents caching on disk (or other persistent media), which may be needed to preserve
privacy.
nsITransferable
remarks the load context is used to track whether the transferable is storing
privacy-sensitive information.
Performance
some items in databases are
privacy sensitive, such as deleted history items.
BatteryManager.chargingTime - Web APIs
even if the time returned is precise to the second, browsers round them to a higher interval (typically to the closest 15 minutes) for
privacy reasons.
Document.cookie - Web APIs
when user
privacy is a concern, it's important that any web app implementation invalidate cookie data after a certain timeout instead of relying on the browser to do it.
Browser storage limits and eviction criteria - Web APIs
this will only be evicted if the user chooses to (for example, in firefox you can choose to delete all stored data or only stored data from selected origins by going to preferences and using the options under
privacy & security > cookies & site data).
Navigator - Web APIs
in modern browsers this property now returns a fixed timestamp as a
privacy measure, e.g.
PaymentRequest: shippingaddresschange event - Web APIs
bubbles no cancelable no interface paymentrequestupdateevent event handler property onshippingaddresschange usage notes depending on the browser, the shipping address information may be redacted for
privacy reasons.
PaymentRequest - Web APIs
additionally, in some browsers, the parts of the address will be redacted for
privacy until the user indicates they are ready to complete the transaction (i.e., they hit "pay").
RTCConfiguration.iceTransportPolicy - Web APIs
the agent—or the browser itself—may still perform some form of ip filtering on the incoming candidates for reasons including
privacy and security, as well as to simply limit the number of candidates.
Request.mode - Web APIs
this ensures that serviceworkers do not affect the semantics of the web and prevents security and
privacy issues arising from leaking data across domains.
SubtleCrypto - Web APIs
cryptography functions these are the functions you can use to implement security features such as
privacy and authentication in a system.
WEBGL_debug_shaders - Web APIs
availability: depending on the
privacy settings of the browser, this extension might only be available to privileged contexts.
Window.getDefaultComputedStyle() - Web APIs
see http://blog.mozilla.com/security/2010/03/31/plugging-the-css-history-leak/ and http://hacks.mozilla.org/2010/03/
privacy-related-changes-coming-to-css-vistited/ for details of the examples of how this is implemented.
ARIA: contentinfo role - Accessibility
the contentinfo landmark role is used to identify information repeated at the end of every page of a website, including copyright information, navigation links, and
privacy statements.
WAI-ARIA Roles - Accessibility
if possible, use the html <aside> element instead.aria: contentinfo rolethe contentinfo landmark role is used to identify information repeated at the end of every page of a website, including copyright information, navigation links, and
privacy statements.
Accessibility documentation index - Accessibility
58 aria: contentinfo role aria, aria role, reference, role-contentinfo the contentinfo landmark role is used to identify information repeated at the end of every page of a website, including copyright information, navigation links, and
privacy statements.
Evolution of HTTP - HTTP
notable headers are do not track (dnt) header to control
privacy, x-frame-options, or upgrade-insecure-requests but many more exist.
Resource URLs - HTTP
threats because some of the information shared by resource: urls is available to websites, a web page could run internal scripts and inspect internal resources of firefox, including the default preferences, which could be a serious security and
privacy issue.
Feature Policy - HTTP
the features include: layout-inducing animations legacy image formats oversized images synchronous scripts synchronous xmlhttprequest unoptimized images unsized media granular control over certain features the web provides functionality and apis that may have
privacy or security risks if abused.
Accept-Charset - HTTP
to guarantee better
privacy through less configuration-based entropy, all browsers omit the accept-charset header: internet explorer 8+, safari 5+, opera 11+, firefox 10+ and chrome 27+ no longer send it.
Cookie - HTTP
the cookie header is optional and may be omitted if, for example, the browser's
privacy settings block cookies.
DNT - HTTP
it lets users indicate whether they would prefer
privacy rather than personalized content.
Server-Timing - HTTP
// single metric without value server-timing: missedcache // single metric with value server-timing: cpu;dur=2.4 // single metric with description and value server-timing: cache;desc="cache read";dur=23.2 // two metrics with value server-timing: db;dur=53, app;dur=47.2 // server-timing as trailer trailer: server-timing --- response body --- server-timing: total;dur=123.4
privacy and security the server-timing header may expose potentially sensitive application and infrastructure information.
Link prefetching FAQ - HTTP
privacy implications along with the referral and url-following implications already mentioned above, prefetching will generally cause the cookies of the prefetched site to be accessed.
An overview of HTTP - HTTP
relaxing the origin constraint to prevent snooping and other
privacy invasions, web browsers enforce strict separation between web sites.
CSS Houdini
the css working group does a lot of work to ensure every feature is performant, handles all edge cases, and considers security,
privacy, and accessibility.
let - JavaScript
den: ++counter, }); }; thing.prototype.showpublic = function() { return this.someproperty; }; thing.prototype.showprivate = function() { return privatescope.get(this).hidden; }; } console.log(typeof privatescope); // "undefined" var thing = new thing(); console.log(thing); // thing {someproperty: "foo"} thing.showpublic(); // "foo" thing.showprivate(); // 1 the same
privacy pattern with closures over local variables can be created with var, but those need a function scope (typically an iife in the module pattern) instead of just a block scope like in the example above.
PWA developer guide - Progressive web apps (PWAs)
using service workers to run offline description alerting the user using notifications description creating a web app from an existing site description advanced topics pushing data from the server to your web application some description resource management description integration with the host device description security and
privacy description gaming topics for web app developers description polishing web apps web api equivalents for common native apis some description platform-specific tips and issues description web application performance guide description ensuring a good user experience description related topics some topic some description ...
Secure contexts - Web security
some apis on the web are very powerful, giving an attacker the ability to do the following and more: invade a user's
privacy.
Securing your site - Web security
privacy and the :visited selector this article discusses changes made to the getcomputedstyle() method that eliminates the ability for malicious sites to figure out the user's browsing history.
Web technology for developers
accessibilitycss houdinicss: cascading style sheetsdemos of open web technologiesdeveloper guidesexsltevent referencehtml: hypertext markup languagehttpjavascriptmathmlopensearch description format
privacy, permissions, and information securityprogressive web apps (pwas)svg: scalable vector graphicstutorialsweb apisweb componentsweb performanceweb app manifestsweb media technologiesweb securityweb technology referencexml: extensible markup languagexpathxslt: extensible stylesheet language transformations ...