[tor-bugs] #7151 [EFF-HTTPS Everywhere]: SSL Observatory not using Tor when FoxyProxy is enabled
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sat Oct 20 00:05:01 UTC 2012
#7151: SSL Observatory not using Tor when FoxyProxy is enabled
----------------------------------+-----------------------------------------
Reporter: cypherpunks | Owner: pde
Type: defect | Status: new
Priority: normal | Milestone:
Component: EFF-HTTPS Everywhere | Version: HTTPS-E 4.0dev1
Keywords: | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Comment(by mikeperry):
Use of FoxyProxy is also strongly discouraged by the Tor Project for
reasons like this, and many many other potential info leaks.
FoxyProxy uses the same API that HTTPS-Everywhere does to decide which
proxy to use. If FoxyProxy's callback happens to get called after ours, it
overrides our proxy settings choices. In fact, it's quite possible that
depending on various aspects of browser state, sometimes FoxyProxy may
override HTTPS-Everywhere, and sometimes we may override FoxyProxy.
However, if someone wants to deep-dive into this madness, we *do* have
checks to see if the Tor socks proxy is functional. We do this before
asking the user if they would like to use Tor. See
https://gitweb.torproject.org/https-
everywhere.git/blob/3.0.2:/src/components/ssl-observatory.js#l683 and
usages of this.proxy_test_successful.
Testing every time we submit a cert is excessive, though. Check.tp.o is
already experiencing high load volumes.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7151#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list