[tor-bugs] #10772 [Torbutton]: Torbutton/Noscript plugin settings ambiguous to user

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jan 30 06:49:41 UTC 2014


#10772: Torbutton/Noscript plugin settings ambiguous to user
--------------------------------------------+------------------------------
 Reporter:  gilidula                        |          Owner:
     Type:  defect                          |         Status:  new
 Priority:  normal                          |      Milestone:
Component:  Torbutton                       |        Version:  Tor: unspecified
 Keywords:  audio video noscript torbutton  |
Parent ID:                                  |  Actual Points:
                                            |         Points:
--------------------------------------------+------------------------------
 Software:  Tor Browser 3.5.1
 The recent changes to Torbutton/Tor Browser leave some confusion for the
 user.  Opening the NoScript Options menu, under Embeddings, shows that no
 embedding type is being blocked (i.e. Flash/Silverlight/Java/other
 plugins).

 Yet Torbutton claims in its documentation to be blocking all plugins.
 This may lead the user to conclusions that are false.

 https://www.torproject.org/projects/torbrowser/design/#DesignRequirements
 "Disabling plugins
 Plugins have the ability to make arbitrary OS system calls and bypass
 proxy settings. This includes the ability to make UDP sockets and send
 arbitrary data independent of the browser proxy settings.

 Torbutton disables plugins by using the @mozilla.org/plugin/host;1 service
 to mark the plugin tags as disabled. This block can be undone through both
 the Torbutton Security UI, and the Firefox Plugin Preferences.

 If the user does enable plugins in this way, plugin-handled objects are
 still restricted from automatic load through Firefox's click-to-play
 preference plugins.click_to_play.

 In addition, to reduce any unproxied activity by arbitrary plugins at load
 time, and to reduce the fingerprintability of the installed plugin list,
 we also patch the Firefox source code to prevent the load of any plugins
 except for Flash and Gnash."

 Essentially, the design document states that the user should only be able
 to enable Flash, and through the Torbutton UI.  The NoScript UI about
 embeddings is therefore confusing and redundant.  This could cause the
 user to draw false conclusions about the behavior of the browser,
 compromising their anonymity.

 This is the basic problem in user interface design of having two places to
 change a setting, and it usually indicates a defect in design.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10772>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

