[tor-bugs] #21034 [Applications/Tor Browser]: Per site security settings?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Mar 28 10:37:37 UTC 2017
#21034: Per site security settings?
--------------------------------------+--------------------------
Reporter: arthuredelstein | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #20843 | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by gk):
So, I am inclined to resolve this as `WONTFIX` due to the UX nightmare at
least. But for now let's assume we implement this indeed how is the
implementation supposed to behave in the following scenario:
0) By default the user is in "medium" mode.
1) In tab 1 one has foo.com open. A user does not like to have "medium"
mode here but says: "For this site I want to have high security because I
am scared" and adapts that accordingly.
2) In tab 2 bar.com is open which is per default (see 0)) above in
"medium" mode. But bar.com includes an iframe pointing to foo.com.
Now the question is: what are the security settings for stuff loaded in
the iframe? Is it "medium" because it is embedded in bar.com and bar.com
is the site you are in contact with? Is it "high" because one said in 1)
for foo.com the rule is "high"? If the latter how does one cope with
broken sites and the problem that one is actually dealing with *sites* and
not particular elements embedded in it? If the former why do we have per
site security settings at all?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21034#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list