[tbb-bugs] #24310 [Applications/Tor Browser]: Consider encrypted bookmarks addon for storing onions on the browser
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Oct 12 17:11:44 UTC 2018
#24310: Consider encrypted bookmarks addon for storing onions on the browser
------------------------------------------------+--------------------------
Reporter: asn | Owner: tbb-team
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: prop224, tbb, network-need, tor-hs | Actual Points:
Parent ID: | Points: 6
Reviewer: | Sponsor:
------------------------------------------------+--------------------------
Comment (by intrigeri):
Replying to [ticket:24310 asn]:
> One technique that people are using to remember their onions are local
> browser bookmarks. That's a pretty secure way to do it actually, with the
> biggest drawback being that the bookmarks are stored long-term on your
> computer which is a problem if your computer gets compromised.
On
https://trac.torproject.org/projects/tor/wiki/org/meetings/2018MexicoCity/Notes/TBBMeetingDays
I've seen "Secure Bookmarks" mentioned. I'm not sure if this is the right
place to discuss this, feel free to redirect me if it's not :) Here's a
dump of my thoughts on this topic.
First, in Tails bookmarks are the most popular persistence feature among
those we offer (bookmarks, network connections, additional software,
printers, Thunderbird, GnuPG, Bitcoin client, Pidgin, SSH). This was
computed from the bug reports we receive so it's a small data set (~100
reports/month), but at least that's data.
Second, without bookmarks support at all (be they "secure" or the default
Firefox feature, which we disable because of the disk avoidance design
goal), here's what users are likely to do:
* save the URLs they need in an unencrypted text file: not more secure
than using the default bookmarks mechanism provided by Firefox (except
perhaps Firefox stores the last time when a bookmark was visited? in which
case it would count as browsing history, which is another matter)
* use a search engine, a wiki, or something like that to discover the
hard-to-remember URL every time they need it, i.e. trust a third-party web service
to point them to the correct URL; this approach does resist better to
computer compromise but it also puts user's credentials at risk every time
they access the hard-to-remember URL. Depending on the threat model,
either can be safer.
I have no data to show how aware users are of the risks of either approach
and I won't try to guess.
So to me it's not obvious that we're doing our users a service by
disabling bookmarks and I would even argue that enabling the default
Firefox bookmarks feature would not be worse than the current state of
things. Now, if we get something even better, i.e. "Secure Bookmarks",
that'll be awesome!
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24310#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online