[tor-bugs] #3600 [TorBrowserButton]: We should get user confirmation for redirects

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Sat Sep 10 06:16:40 UTC 2011 

#3600: We should get user confirmation for redirects
----------------------------------------+-----------------------------------
 Reporter:  mikeperry                   |          Owner:  mikeperry                    
     Type:  defect                      |         Status:  new                          
 Priority:  major                       |      Milestone:  TorBrowserBundle 2.2.x-stable
Component:  TorBrowserButton            |        Version:                               
 Keywords:  MikePerryIteration20110911  |         Parent:                               
   Points:  3                           |   Actualpoints:                               
----------------------------------------+-----------------------------------

Comment(by mikeperry):

 Replying to [comment:6 joyton]:

 > I too use RequestPolicy (RP), may I ask why it's not included in TBB by
 default? Is it that you're worried it will confuse too many users who are
 not familiar with RP?
 >
 > I dislike that TBB seems to lack important add-ons such as AdBlock Plus,
 RequestPolicy and (now) BetterPrivacy (although I'm aware of why it was
 temporally removed). I am unhappy about the lack of those add-ons (and
 others such as anti-tracking cookie add-on(s)) because it then makes me
 use a smaller (an wholly unique?) anonymity set being that I install those
 add-ons to my TBBs.

 The basic reasoning here is the same as
 https://trac.torproject.org/projects/tor/ticket/3975#comment:1 (and
 https://blog.torproject.org/blog/improving-private-browsing-modes-do-not-
 track-vs-real-privacy-design).

 On top of that philosophy is our belief that RequestPolicy is very hard to
 use. However, we also believe that AdBlock plus will be of marginal use
 against a determined adversary intent upon subverting its rules.

 Note that we very much want to be able to support an auto-update mechanism
 that allows you to keep your addons, though. The primary barrier to that
 is an auto-updater, but there are also some educational concerns in that
 if you are the only one using an addon, you have little anonymity. Of
 course, this depends on addon behavior and install set, but request policy
 in particular is very fingerprintable because each user has their own
 policy.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3600#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list