[tbb-bugs] #25090 [Applications/Tor Browser]: Make sure IPFS & co in addons are shoved up through Tor and don't leak in ESR60
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Sep 14 18:49:15 UTC 2018
#25090: Make sure IPFS & co in addons are shoved up through Tor and don't leak in
ESR60
----------------------------------------+----------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: closed
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution: worksforme
Keywords: ff60-esr, tbb-proxy-bypass | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
----------------------------------------+----------------------------
Changes (by gk):
* status: new => closed
* resolution: => worksforme
Comment:
I think we are good right now. There is no TCP/UDP Socket API available
for WebExtensions yet (see:
https://bugzilla.mozilla.org/show_bug.cgi?id=1247628) so, this risk is
ruled out. You can register those protocols with protocol handlers (see:
https://developer.mozilla.org/en-US/docs/Mozilla/Add-
ons/WebExtensions/manifest.json/protocol_handlers) but that's a web based
mechanism, so that should be fine.
That said: even if extensions which implemented/supported those protocols
*would* bypass Tor then I think this would fall under our strong
recommendation to not install third-party extensions as they can
compromise your privacy/anonymity.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25090#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list