Hello all!
After a year away from my Tor related research, I'm finally back
at it. As I've
introduced in the past [1] I wanted to build a Tor Browser
Friendliness scanner
that would scan the web and rate the Tor Browser friendliness of
web pages. Unfortunately time got away from me for personal
reasons, but I finally got the
chance to work on the scanner and I feel it's close to being ready
to run.
To re-introduce the concept: the scanner checks a web page for
evidence of some
activity that would likely cause the site to not render or run
properly on the
Tor Browser. This includes the tests listed below, which are
motivated by
the Tor Browser Design Document [2] and our own experiences
analyzing what broke
on the Tor Browser during analysis of some randomly selected
websites.
Tests
1. Checks to see if the site supports HTTPS. If not, there's a
problem.
2. Checks to see if the site serves JavaScript over HTTP. If not,
there could be
a problem on the Safer setting of the Tor Browser Security Slider,
3. Checks to see if there is auto-played media or hidden media.
This could cause
issues on the Safer setting of the Tor Browser Security Slider.
4. Checks to see if there is any evidence of usage of the
following JavaScript
libraries/functionalities. These were taken from the draft of the
Tor Browser
Design Document.
01. asm
02. battery status
03. game pad
04. graphite
05. media devices
06. navigator online
07. sensor
08. network connection
09. touch
10. web audio
11. webgl
12. webrtc
13. web speech
14. HTML canvas
5. Checks to see if the page contains JAR files or Flash files.
6. Checks to see if the page contains chrome:// or resource://
links.
Given this information, I have a few questions.
1. What other tests should I add, if any?
2. Is there any other feedback on this idea that you'd like to
provide?
Please keep in mind that I intend on releasing the source code
soon. At the moment it's in an "academic code" state, and I want
to clean it up before release.
Thanks,
Kevin
References:
[1] https://lists.torproject.org/pipermail/tor-dev/2019-March/013731.html
[2] https://2019.www.torproject.org/projects/torbrowser/design/