Security and Privacy Roadmap for Epiphany and WebKitGTK+

I’ve laid out some informal thoughts on where we should be heading with regards to new security and privacy features in Epiphany. It’s in the form of a list of features we really ought to have. (That is, it’s a wishlist.) Most of these features would be implemented in WebKitGTK+, so other applications using WebKitGTK+ would benefit as well.

There’s certainly no shortage of work to be done, so except for a couple items on the list, this is not a list of things you should expect to be implemented soon. Comments welcome on the wiki or on this blog. Volunteers especially welcome! Most of these tasks on the list would make for great GSoC projects (but I’m not accepting more applicants this year: prospective students should find another mentor who’s interested in one of the tasks).

The list will also be used to help assign one or more bounties using some of the money we raised in our 2013 security and privacy campaign.

5 Replies to “Security and Privacy Roadmap for Epiphany and WebKitGTK+”

  1. I would like to see the Eff Privacy Badger integrated in epiphany.
    https://www.eff.org/privacybadger

    I guess it would have to be explicitly enabled with some note about what it is, and that some webpages can behave strangely if they cant track you. Also there should be some kind of quick way to disable it for a site (permanently or temporarily), since some sites doesn’t function properly if they cant track you.

    1. That looks like a much smarter (and probably also riskier) version of an idea I failed to add to the page yesterday, but have now added: using the existing adblock plugin to subscribe to privacy block lists. I’m not opposed to this if it doesn’t break many sites. We’d need to think hard about how to handle UI for it.

  2. I’m very interested in these developments. If you ping me, I’m willing to test them with uzbl (which has no UI guidelines to speak of since it is controlled with commands over a socket).

    Other things to look at: RequestPolicy (site A can’t to site B without permission), CleanLinks (removes tracking via Google result redirects etc.), TACO for pre-loading of ad network opt-out cookies, something to clear out utm tracking crap from query parameters, and likely more.

  3. I would like to see a way to turn of the websockets protocol
    I would also like to see a way to view exactly what information about my computer is being requested via my browser and a way to prevent that and even perhaps a way to spoof it especially when the enformation concerns hardware id’s, installed plugins, OS type.

Comments are closed.