[tor-bugs] #20019 [Applications/Tor Browser]: Proposal for TOR Browser extension
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Aug 30 23:22:14 UTC 2016
#20019: Proposal for TOR Browser extension
--------------------------------------+-----------------------------------
Reporter: SECUSO_Kristoffer | Owner: tbb-team
Type: enhancement | Status: needs_information
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+-----------------------------------
Changes (by teor):
* status: new => needs_information
Comment:
This extension requires extended validation SSL certificates to show the
green status.
Otherwise it shows a yellow status. For HTTP, it shows a red status. This
is not an accurate representation of the security of Tor onion sites
(hidden services) - even if they use HTTP, they're secure (as long as the
address is correct).
SECUSO_Kristoffer, do you have plans to add a check for onion sites to
your extension?
Also, it chooses one of ten random images per-user. This could be a
fingerprinting vector:
* is it loaded from a remote site?
* what happens when a Tor Browser user selects "new identity" (or quits
and reopens the browser)?
* do we choose a new image at random, destroying the utility of this
feature?
* or do we preserve the image, providing a fingerprinting vector?
* or do we just use one symbol for Tor Browser users? Then it would be
easy to fake based on the user agent.
What would you do about this issue?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20019#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list