#74 Consider protection from leaky forms
Opened 2 years ago by polcak. Modified 2 years ago

Previous research focused on leaky forms, e.g.:

We have a code that aims to provide protections from leaky forms, see https://github.com/polcak/jsrestrictor/pull/94

Regarding the permissions:

  • browsingData and webNavigation - we already need this (browsingData is optional for Firefox) so if we made the functionality optional for Firefox, we do not need additional permissions.

  • contextMenus - the permission is not needed, we can make the locking work through pop up or make the permission optional.

So I do not think that permissions are a problem anymore.

The problem is making the functionality really work. We added a mechanism to automatically lock forms that works for some forms but does not for others. Another issue is in letting the user know that the page is locked (a notification that some users seem to hate? changes in DOM that are fingerprintable?). There is an issue in breaking Chrome navigation. For more details see https://www.fit.vut.cz/study/thesis-file/23572/23572.pdf (especially Chapter 7, in Czech, try automatic translators).

Login to comment on this ticket.