[tbb-dev] Tor Browser Friendliness Scanner: Seeking Feedback

Kevun kevun at riseup.net
Fri Apr 9 15:19:07 UTC 2021 

Hello all!

After a year away from my Tor related research, I'm finally back at it.
As I've introduced in the past [1] I wanted to build a Tor Browser
Friendliness scanner that would scan the web and rate the Tor Browser
friendliness of web pages. Unfortunately time got away from me for
personal reasons, but I finally got the chance to work on the scanner
and I feel it's close to being ready to run.

To re-introduce the concept: the scanner checks a web page for evidence
of some activity that would likely cause the site to not render or run
properly on the Tor Browser. This includes the tests listed below, which
are motivated by the Tor Browser Design Document [2] and our own
experiences analyzing what broke on the Tor Browser during analysis of
some randomly selected websites.

_*Tests*_

1. Checks to see if the site supports HTTPS. If not, there's a problem.
2. Checks to see if the site serves JavaScript over HTTP. If not, there
could be a problem on the Safer setting of the Tor Browser Security Slider,
3. Checks to see if there is auto-played media or hidden media. This
could cause issues on the Safer setting of the Tor Browser Security Slider.
4. Checks to see if there is any evidence of usage of the following
JavaScript libraries/functionalities. These were taken from the draft of
the Tor Browser Design Document.
    01. asm
    02. battery status
    03. game pad
    04. graphite
    05. media devices
    06. navigator online
    07. sensor
    08. network connection
    09. touch
    10. web audio
    11. webgl
    12. webrtc
    13. web speech
    14. HTML canvas
5. Checks to see if the page contains JAR files or Flash files.
6. Checks to see if the page contains chrome:// or resource:// links.

Given this information, I have a few questions.

1. What other tests should I add, if any?
2. Is there any other feedback on this idea that you'd like to provide?

Please keep in mind that I intend on releasing the source code soon. At
the moment it's in an "academic code" state, and I want to clean it up
before release.

Thanks,

Kevin

References:

[1] https://lists.torproject.org/pipermail/tor-dev/2019-March/013731.html

[2] https://2019.www.torproject.org/projects/torbrowser/design/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20210409/8a16d6b3/attachment.htm>

More information about the tbb-dev mailing list