[tbb-dev] Tor Browser Friendliness Scanner: Seeking Feedback

Gaba gaba at torproject.org
Fri Apr 9 15:42:41 UTC 2021

On 4/9/21 12:19 PM, Kevun wrote:
> Hello all!
> After a year away from my Tor related research, I'm finally back at it.
> As I've introduced in the past [1] I wanted to build a Tor Browser
> Friendliness scanner that would scan the web and rate the Tor Browser
> friendliness of web pages. Unfortunately time got away from me for
> personal reasons, but I finally got the chance to work on the scanner
> and I feel it's close to being ready to run.
> To re-introduce the concept: the scanner checks a web page for evidence
> of some activity that would likely cause the site to not render or run
> properly on the Tor Browser. This includes the tests listed below, which
> are motivated by the Tor Browser Design Document [2] and our own
> experiences analyzing what broke on the Tor Browser during analysis of
> some randomly selected websites.
> _*Tests*_
> 1. Checks to see if the site supports HTTPS. If not, there's a problem.
> 2. Checks to see if the site serves JavaScript over HTTP. If not, there
> could be a problem on the Safer setting of the Tor Browser Security Slider,
> 3. Checks to see if there is auto-played media or hidden media. This
> could cause issues on the Safer setting of the Tor Browser Security Slider.
> 4. Checks to see if there is any evidence of usage of the following
> JavaScript libraries/functionalities. These were taken from the draft of
> the Tor Browser Design Document.
>     01. asm
>     02. battery status
>     03. game pad
>     04. graphite
>     05. media devices
>     06. navigator online
>     07. sensor
>     08. network connection
>     09. touch
>     10. web audio
>     11. webgl
>     12. webrtc
>     13. web speech
>     14. HTML canvas
> 5. Checks to see if the page contains JAR files or Flash files.
> 6. Checks to see if the page contains chrome:// or resource:// links.
> Given this information, I have a few questions.
> 1. What other tests should I add, if any?
> 2. Is there any other feedback on this idea that you'd like to provide?
> Please keep in mind that I intend on releasing the source code soon. At
> the moment it's in an "academic code" state, and I want to clean it up
> before release.

Sounds great!

It would be great to add if they have an onion service or not.

Look at this project for news: https://securethe.news/

> Thanks,
> Kevin
> References:
> [1] https://lists.torproject.org/pipermail/tor-dev/2019-March/013731.html
> [2] https://2019.www.torproject.org/projects/torbrowser/design/
> _______________________________________________
> tbb-dev mailing list
> tbb-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x180DB06C59CABD19.asc
Type: application/pgp-keys
Size: 58129 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20210409/3707d5c8/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20210409/3707d5c8/attachment-0001.sig>

More information about the tbb-dev mailing list