New note: intentional telemetry

Torbutton security level settings have migrated into the Tor Browser, so
update the link to the source code accordingly.

content/notes/firefox-hardening-progress.md

@@ -8,7 +8,7 @@ Firefox's multi-process architecture was overhauled, starting with a [utility pr
 
 They've rolled out a separate GPU process on some platforms; the roll-out will likely finish this year.
 
-Regarding toolchain hardening: Chromium official builds use [Clang's CFI sanitizer](https://clang.llvm.org/docs/ControlFlowIntegrity.html); Firefox doesn't. However, a subset of Firefox's libraries support [RLBox sandboxing](https://hacks.mozilla.org/2021/12/webassembly-and-back-again-fine-grained-sandboxing-in-firefox-95/). This isn't a complete solution, but is still a welcome change. [The Tor Browser disables libgraphite on the "safer" security level](https://gitweb.torproject.org/torbutton.git/tree/modules/security-prefs.js?id=c8f7cd3fec5d5845179fcf71ad46888f2d14c8b0) due to security concerns which RLBox may have addressed.
+Regarding toolchain hardening: Chromium official builds use [Clang's CFI sanitizer](https://clang.llvm.org/docs/ControlFlowIntegrity.html); Firefox doesn't. However, a subset of Firefox's libraries support [RLBox sandboxing](https://hacks.mozilla.org/2021/12/webassembly-and-back-again-fine-grained-sandboxing-in-firefox-95/). This isn't a complete solution, but is still a welcome change. [The Tor Browser disables libgraphite on the "safer" security level](https://gitweb.torproject.org/tor-browser.git/tree/browser/components/securitylevel/SecurityLevel.jsm?id=ffdf16f3e8a44b306abd988be874a184b7de1cc6#n273) due to security concerns which RLBox may have addressed.
 
 I'm looking forward to seeing [PID namespace isolation](https://bugzilla.mozilla.org/show_bug.cgi?id=1151624) at some point.
 

content/notes/intentional-telemetry.md

@@ -0,0 +1,17 @@
+---
+title: "Intentional telemetry"
+date: 2022-09-26T22:41:33-07:00
+replyURI: "https://dizl.de/@maze/109066602774324727"
+replyTitle: "Well, what else do you need an analytics tool for than to find new insights?"
+replyType: "SocialMediaPosting"
+replyAuthor: 	"@maze@dizl.de"
+replyAuthorURI: "https://dizl.de/@maze"
+---
+
+Compare the two scenarios:
+
+Scenario A: "We received a piece of user feedback to change this design to avoid errors; their suggestion was well received by other users. Let's collect some telemetry from that component to see is these issues are representative of the larger population; based on that, we'll know whether it warrants a re-design of that component."
+
+Scenario B: "Telemetry says users never use this feature; we can remove it."
+
+In Scenario B, telemetry prompted a decision; in Scenario A, telemetry helped understand a real specific problem. Telemetry should be used to clarify an existing insight rather than make discoveries on its own. Metrics should not be collected lightly; they should be collected with intention (and, of course, prior informed consent).

content/posts/two-types-of-privacy.gmi

@@ -192,7 +192,7 @@ That microblog entry was a response to another article from which this article b
 
 6. Torbutton aims to allow many Tor Browser users to share the same configuration.
 => https://tb-manual.torproject.org/security-settings/ Tor security settings
-=> https://gitweb.torproject.org/torbutton.git/tree/modules/security-prefs.js The preferences impacted by those security settings
+=> https://gitweb.torproject.org/tor-browser.git/tree/browser/components/securitylevel/SecurityLevel.jsm?id=ffdf16f3e8a44b306abd988be874a184b7de1cc6#n273 The preferences impacted by those security settings
 
 7. Users of metered connections may need to block large elements. Users with accessibility needs may need to alter inaccessible pages. Users who don’t speak a page’s language may need to use machine translation.[8] Telling users to just “stop doing this” would be arrogant, yet all three of these examples are fingerprintable.
 

content/posts/two-types-of-privacy.md

@@ -261,7 +261,7 @@ This article is an expansion of the ideas I presented in the microblog entry {{<
 
     We could reduce the number of combinations by combining all the filter lists into a single list that gets updated all at once. When <var>N</var>=1, we're at just <var>V</var> possible combinations. Updates could be spread out over a longer cadence, decreasing the value of <var>V</var>.
 
-[^6]: Torbutton aims to allow many Tor Browser users to share the same configuration. See its [security settings](https://tb-manual.torproject.org/security-settings/) and [the preferences they change](https://gitweb.torproject.org/torbutton.git/tree/modules/security-prefs.js).
+[^6]: Torbutton aims to allow many Tor Browser users to share the same configuration. See its [security settings](https://tb-manual.torproject.org/security-settings/) and [the preferences they change](https://gitweb.torproject.org/tor-browser.git/tree/browser/components/securitylevel/SecurityLevel.jsm?id=ffdf16f3e8a44b306abd988be874a184b7de1cc6#n273).
 
 [^7]: Users of metered connections may need to block large elements. Users with accessibility needs may need to alter inaccessible pages. Users who don't speak a page's language may need to use machine translation.[^8] Telling users to just "stop doing this" would be arrogant, yet all three of these examples are fingerprintable.
 

content/posts/website-best-practices.gmi

@@ -439,7 +439,7 @@ Tor users are encouraged to set the Tor Browser's (TBB) security settings to "sa
 => https://tb-manual.torproject.org/en-US/security-settings/ TBB Security Settings
 
 This disables scripts, MathML, some fonts, SVG images, and other unsafe Firefox features:
-=> https://gitweb.torproject.org/torbutton.git/tree/modules/security-prefs.js Torbutton security-prefs source code
+=> https://gitweb.torproject.org/tor-browser.git/tree/browser/components/securitylevel/SecurityLevel.jsm?id=ffdf16f3e8a44b306abd988be874a184b7de1cc6#n273 Tor Browser's source code for its security preferences
 
 If your site has any SVG images, the Tor browser will download these just like Firefox would (to avoid fingerprinting) but will not render them.
 

content/posts/website-best-practices.md

@@ -483,7 +483,7 @@ Many people use Tor out of necessity. On Tor, additional constraints apply.
 
 ### Constraints of the Tor Browser
 
-Tor users are encouraged to set the [Tor Browser's security settings](https://tb-manual.torproject.org/en-US/security-settings/) to "safest". This disables scripts, MathML, remote fonts, SVG images, and [other unsafe Firefox features](https://gitweb.torproject.org/torbutton.git/tree/modules/security-prefs.js). If your site has any SVG images, the Tor browser will download these just like Firefox would (to avoid fingerprinting) but will not render them.
+Tor users are encouraged to set the [Tor Browser's security settings](https://tb-manual.torproject.org/en-US/security-settings/) to "safest". This disables scripts, MathML, remote fonts, SVG images, and [other unsafe Firefox features](https://gitweb.torproject.org/tor-browser.git/tree/browser/components/securitylevel/SecurityLevel.jsm?id=ffdf16f3e8a44b306abd988be874a184b7de1cc6#n273). If your site has any SVG images, the Tor browser will download these just like Firefox would (to avoid fingerprinting) but will not render them.
 
 If you must use scripts, ensure that they perform well with just-in-time (<abbr title="Just-In-Time">JIT</abbr>) compilation disabled. The Tor Browser's "safer" mode, iOS Lockdown mode, and Microsoft Edge's "enhanced" security mode all disable JIT compilation by default.[^15]