[tbb-bugs] #20019 [Applications/Tor Browser]: Proposal for TOR Browser extension

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Aug 30 23:22:14 UTC 2016

#20019: Proposal for TOR Browser extension
 Reporter:  SECUSO_Kristoffer         |          Owner:  tbb-team
     Type:  enhancement               |         Status:  needs_information
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
Changes (by teor):

 * status:  new => needs_information


 This extension requires extended validation SSL certificates to show the
 green status.
 Otherwise it shows a yellow status. For HTTP, it shows a red status. This
 is not an accurate representation of the security of Tor onion sites
 (hidden services) - even if they use HTTP, they're secure (as long as the
 address is correct).

 SECUSO_Kristoffer, do you have plans to add a check for onion sites to
 your extension?

 Also, it chooses one of ten random images per-user. This could be a
 fingerprinting vector:
 * is it loaded from a remote site?
 * what happens when a Tor Browser user selects "new identity" (or quits
 and reopens the browser)?
   * do we choose a new image at random, destroying the utility of this
   * or do we preserve the image, providing a fingerprinting vector?
   * or do we just use one symbol for Tor Browser users? Then it would be
 easy to fake based on the user agent.

 What would you do about this issue?

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20019#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list