[tor-bugs] #17569 [Applications/Tor Browser]: Add uBlock Origin to the Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Sep 18 18:41:52 UTC 2017

#17569: Add uBlock Origin to the Tor Browser
 Reporter:  kernelcorn                  |          Owner:  tbb-team
     Type:  defect                      |         Status:  new
 Priority:  Medium                      |      Milestone:
Component:  Applications/Tor Browser    |        Version:
 Severity:  Normal                      |     Resolution:
 Keywords:  tbb-usability tbb-security  |  Actual Points:
Parent ID:                              |         Points:
 Reviewer:                              |        Sponsor:

Comment (by cypherpunks):

 I think something concerning just appeared recently with the JS XMR miners
 in place of ads (such as https://coin-hive.com). Imagine if I have like 4
 sites that use them, one of CPU's core is already at 100% with only 1
 opened, with 4 it would completely bottleneck the browser.

 In fact, I tested with Medium security setting (which has JIT disabled)
 the captcha which is based on mining XMR was still at its beginning even
 after 15 min https://coin-hive.com/account/signup

 But yes, what the Tor Browser design document states is still completely
 valid - however in the face of new emerging threats I don't think we
 should ignore them since they definitely impact usability here: So if
 someone was on one of those sites that had that XMR miner and were using
 the Medium security setting, then they'll have a 100% cpu use on one of
 their cores and that will affect their browsing experience. If they
 realize that this is partly due to JIT they'll lower the security setting,
 so this could discourage some from using medium security setting. If they
 don't, then they're still stuck with a 100% cpu core usage.

 One potential compromise here is to add uBlock Origin but with only the
 filer list that handles those JS miners + the filter lists on badware and
 malware, and everything else would be disabled.

 Note how this compromise only addresses usability and a bit of security
 and not privacy, which is already handled perfectly by design by the Tor

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17569#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list