[tor-bugs] #22981 [Applications/Tor Browser]: Don't block audio/video on https sites under Medium Security

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 18 19:40:46 UTC 2018


#22981: Don't block audio/video on https sites under Medium Security
-------------------------------------------------+-------------------------
 Reporter:  arthuredelstein                      |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-usability, tbb-security-slider,  |  Actual Points:
  ux-team                                        |
Parent ID:  #23150                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by arthuredelstein):

 To explain a little more, the idea here is to essentially make the
 security settings for HTTP and HTTPS independent. That results in three
 security levels:

 Low: HTTP unprotected, HTTPS unprotected
 Medium: HTTP protected, HTTPS unprotected
 High: HTTP protected, HTTPS protected

 This has usability benefits because it simplifies user's understanding of
 what protections are at each level. And on Medium Security, the usability
 has improved while still protecting against hostile injections on HTTP
 sites.

 It also has fingerprinting benefits by making Medium and High Security
 look the same on HTTP sites and Low and Medium look the same on HTTPS
 sites.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22981#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list