[tbb-bugs] #30032 [Applications/Tor Browser]: Add warning or disable adding additional extensions

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Apr 5 03:43:38 UTC 2019


#30032: Add warning or disable adding additional extensions
------------------------------------------+----------------------
     Reporter:  legind                    |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 A few users of the Tor Browser have reached out to the EFF extension
 developers team wanting help with Privacy Badger.  As we've explained in
 the past[1], installing Privacy Badger within Tor Browser can seriously
 impede the anonymity guarantees of TB.  Even extensions which under normal
 circumstances in mainline Firefox would increase privacy can be harmful in
 the TB context - for instance, canvas hash randomizers can move the
 browser from the relatively large anonymity pool of "TB users on Linux" to
 the much smaller pool of "TB users on Linux who have a canvas randomizer",
 since the fact that your canvas is randomized is able to be determined by
 any remote site.  Users of TB are more likely to be power users and
 install additional addons as well.

 Currently, installing an extension in TB is as easy as doing the same in
 Firefox.  We should either disable the ability to install additional
 extensions or add a highly eye-catching warning alerting users to the fact
 that extensions, even ones that are privacy-oriented, can be harmful to
 anonymity.

 1. https://tor.stackexchange.com/questions/15653/why-does-tor-not-pre-
 include-privacy-badger-or-disconnect-add-ons

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30032>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list