[tbb-bugs] #13585 [Tor Browser]: Investigate recommending or including "Policeman" (Firefox Addon)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Oct 26 16:50:25 UTC 2014
#13585: Investigate recommending or including "Policeman" (Firefox Addon)
-------------------------+--------------------------
Reporter: bastik | Owner: tbb-team
Type: task | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-------------------------+--------------------------
Investigate the Firefox addon [https://addons.mozilla.org/en-
US/firefox/addon/policeman/ Policeman.] It's
[https://github.com/futpib/policeman code lives here.]
I know about fingerprinting issues and this addon would be your worst
nightmares because it allows to distinguish between pictures, media,
scripts, styles, frames, but that is not why I'm suggesting to review this
addon to see if it can be recommended safely or included into the Tor
Browser for the following purpose.
It has two ruleset which are currently disabled by default. The rulesets
isolate i2p and .onion requests. An .onion does not load resources from
example.org and example.org does not load resources from any .onion
I think it is useful to disable loading resources from any non .onion
source, by default, because beside the .onion owner some third-party could
track Tor users, without uncovering them.
So basically check if you can recommend or include it to allow every
request from anywhere to anywhere (therefore no fingerprinting) and
configure the addon to guard .onion and maybe i2p.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13585>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list