This repository has been archived by the owner on Dec 11, 2019. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Whitelist twitter images in tracking protection
For https://sideway.com/ to work Auditors: @bbondy
- Loading branch information
4c30cd0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so we want it everywhere right? ok.
4c30cd0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@SergeyZhukovsky @garvankeeley you might want to sync to this list to skip to avoid known site problems.
4c30cd0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok https://github.com/brave/browser-ios/issues/228
4c30cd0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure if it was safe to add it and the others to the whitelist. Wouldn't it be better to set up a mode like "Block Completely All" to exclude them too for the privacy oriented users?
4c30cd0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@luixxiul agree, we should eventually have a pref for people to pick how strict they want blocking to be
4c30cd0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
img-only attacks have happened, e.g. Stegosploit, so a pref is good. I've been meaning to raise the idea of a pref for blocking all images (requiring click to display, as Firefox used to have). We could have site-specific enabling against a backdrop of default disabling, even. @diracdeltas, WDYT?
For now, pbs.twimg.com seems safe enough in Brave, since we block third party cookies and moreover any that might be set from twimg.com.
/be
4c30cd0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I found it's been worked on #880.
4c30cd0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks -- I will file a separate issue on img blocking prefs/options.
/be
4c30cd0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
#624 can be closed by adding
static-zend.pantherssl.com
to the const, which I confirmed. Is it too much? How do you guys think?