[tbb-dev] Proposal: extensions.update.enabled=false [tbb-fingerprinting]

Rusty Bird rustybird at openmailbox.org
Thu Apr 20 14:23:44 UTC 2017


Hi,

I propose to disable Tor Browser's automatic extension update,
effectively freezing extension versions between releases. This would,
among other things, get rid of a fingerprintable difference between
mainline TB and TB with an immutable extensions directory, such as
sandboxed-tor-browser, Split Browser for Qubes[1], or Tails[2].

(Currently, mainline TB uses extensions.update.enabled=true. Of the
included extensions, HTTPS Everywhere and NoScript actually update,
whereas Torbutton and TorLauncher already opt out by setting a bogus
updateURL.)

So when e.g. HTTPS Everywhere at some point updates itself to a
version with new rules, a website affected by the rule changes (as a
first party or as a third party) can distinguish which version is
active. For NoScript, fingerprinting different versions is less
obvious, but probably still possible when an update breaks or fixes
some content.

Downsides of disabling:

- Minor improvements to HTTPSE/NoScript take a little longer to reach
  the user. (If there's a _serious_ security or usability issue, the
  TB version would have to be bumped anyway.)

Upsides:

- More uniform fingerprint for mainline and immutable TB
- More reproducible environment for bug reports
- Not affected by vulnerabilities in the extension updater
- Slightly reduced exit traffic :)

Rusty


1. https://github.com/rustybird/qubes-split-browser
2. Although Tails can of course be distinguished by its ad blocker.