[tor-bugs] #28917 [Circumvention/Snowflake]: Delete the proxy opt-in cookie, don't set it to 0

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jul 5 18:15:27 UTC 2019 

#28917: Delete the proxy opt-in cookie, don't set it to 0
-------------------------------------+--------------------------
 Reporter:  dcf                      |          Owner:  cohosh
     Type:  enhancement              |         Status:  assigned
 Priority:  Medium                   |      Milestone:
Component:  Circumvention/Snowflake  |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:                           |  Actual Points:
Parent ID:  #27385                   |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------

Comment (by cohosh):

 Replying to [comment:3 dcf]:
 > Replying to [comment:2 cohosh]:
 > > We refactored the proxy implementation in the process of adding a
 webextension (#23888, #30934). A part of this refactor was to not rely on
 the use of cookies for the webextension. We can probably just apply that
 refactor here,
 >
 > The original idea behind the badge (and why it's called a "badge") was
 that would be an unobtrusive iframe posted on various web pages that you
 would just activate incidentally while browsing. In that model, I don't
 see how you can dispense with a cookie. You would have to click and
 reactivate something on every page the badge might be on.
 >
 > But I'm also fully prepared to believe that the many-sites "badge"
 model, while it may have made sense for the opt-out flash proxy, doesn't
 make sense for the opt-in Snowflake. The number of third-party sites
 hosting the Snowflake badge is approximately zero, and if you intersect
 that with the number of users who have (1) opted in and (2) are currently
 incidentally browsing one of those sites, the number is not even
 approximately zero. Therefore I don't think there's a problem with hosting
 a single web page with a toggle (and removing the iframe instructions),
 and instructing people to visit the page and click the toggle. Just
 pointing out that it's a change from how the system has been assumed to
 work until now.

 Ah that explains a few things. I'm happy to leave the badge as a cookie-
 based "opt-in once for everywhere" way of participating in snowflake. I
 think the UI changes in #27384 would help users remain reasonably informed
 by their participation across various sites.

 Overall though, the webextension seems to have a lot more potential for
 longer-lived, more stable, and more informed user participation... do we
 even want to keep the badge around?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28917#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list