[tbb-bugs] #21549 [Applications/Tor Browser]: Investigate wasm for linkability/fingerprintability/disk avoidance issues
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Dec 19 07:55:29 UTC 2018
#21549: Investigate wasm for linkability/fingerprintability/disk avoidance issues
--------------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff60-esr, TorBrowserTeam201809 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------------+--------------------------
Comment (by gk):
Replying to [comment:18 legind]:
> @gk I'm concerned that extensions are a single-click install in most
cases, and privileging them in general will open identifiable
characteristics to possibly irresponsible third parties. Can we whitelist
WASM by extension ID?
Maybe. However, the current policy is that users are responsible
themselves for possible fallout if they are installing other extensions
into their Tor Browser. This is not recommended for all sorts of reasons.
Webextensions got already "privileged" by allowing JavaScript to run in
general if it is disabled in the browser (you might remember
https://bugzilla.mozilla.org/show_bug.cgi?id=1329731). I think it is more
straightforward to follow the reasoning dveditz outlined in
https://bugzilla.mozilla.org/show_bug.cgi?id=1329731#c7 arguing that
disabling WASM for extensions (while allowing it for the remaining parts
of the privileged browser) is not the right solution.
FWIW: that Mozilla bug might be a good start for investigating how to
enable WASM for extensions only but not content (by checking the principal
accordingly).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21549#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list