[tor-bugs] #10730 [Tor bundles/installation]: Privacy leak ONLY on Ubuntu 13.10/Unity using default official Tor Browser Bundle (including Vidalia issues)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jan 27 05:56:11 UTC 2014
#10730: Privacy leak ONLY on Ubuntu 13.10/Unity using default official Tor Browser
Bundle (including Vidalia issues)
------------------------------------------+-------------------
Reporter: damico | Owner: erinn
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor bundles/installation | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
------------------------------------------+-------------------
Comment (by damico):
> You mention Vidalia several times --
> are you using Tor Browser Bundle 3.5, or something older?
I'm using the absolute latest 64-bit Linux Tor Browser Bundle on Ubuntu
13.10.
The tarball came from the standard Tor Browser Bundle download page.
The tarball was named: tor-browser-linux64-3.5_en-US.tar.xz
The same problem showed up with the previous tarball:
That tarball was named: tor-browser-gnu-linux-x86_64-2.3.25-16-dev-en-
US.tar.gz
And, it occurred with the previous tarball to that one:
That previous tarball was named: tor-browser-gnu-linux-x86_64-2.3.25-14
-dev-en-US.tar.gz
(I know this because I saved all the tarballs when I installed them.)
When I select the current TBB Help->About Tor Browser, it reports Firefox
ESR 24.2.0.
I have been using Tor for years, so, maybe I am mixing up the terms, when
I use the word "Vidalia". What I mean is the "Vidalia Control Panel",
which, I used to see on Linux and Windows (but checking right now, I don't
see the icon for it anymore).
So, while I'm confused about whether Vidalia still exists, the problem is
that the Tor Browser Bundle is all mixed up with the Firefox launchers in
Ubuntu. Personally, this seems like a Ubuntu problem, but, they said it's
a Tor Browser Bundle problem, so that's why I'm here.
Here is a quick test:
1. Take any Ubuntu 13.10 system using the default Unity desktop.
2. Install Firefox (if it hasn't already been installed) & pin the icon to
the desktop.
3. Unpack the TBB (if not already unpacked) and run Tor & try to pin the
icon to the deskop.
You'll probably fail to pin the icon to the desktop; but don't worry about
that as that's a secondary issue.
Now run Firefox a few times.
Run the Tor Browser Bundle.
Then, iconify all the Firefox windows, and iconify the Tor Browser Bundle
window.
Notice that you can't tell which is which.
Right click on the Firefox icon in the Unity launcher, and all the windows
show up equally. The only way to tell is to SCRUTINIZE them very
carefully, since they're all mixed up.
Essentially, there is no difference between the Firefox launcher and the
Tor launcher.
For more details, see this Ubuntu Forum thread which agrees with that
assessment:
Thread: Privacy threat due to 2 out-of-the-box bugs in ubuntu 13.10 Unity
Tor Browser
http://ubuntuforums.org/showthread.php?t=2200951
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10730#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list