[tor-bugs] #31160 [Applications/Tor Browser]: Turn off automatic updates by default for installed add-ons
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jul 16 05:33:34 UTC 2019
#31160: Turn off automatic updates by default for installed add-ons
--------------------------------------+--------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: enhancement | Status: closed
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution: wontfix
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by gk):
Replying to [comment:4 cypherpunks]:
> I mean it's not even breaking any functionality, it would just be
providing a safe default for people who install extensions. Since those
extensions can't be considered security critical,
I am not sure what you mean by that but I think it is fair to assume that
any extension added to the browser is a risk both security- and privacy-
wise as it is running priviledged code and has the availability to do way
more harm than a website, especially in the Tor Browser context. That is
the reason why we don't recommend installing additional extensions to
begin with. And disabling the update mechanism without any process in
place to check for potential security issues of any installed extension
(yes, there are thousands!) does not seem to be the responsible thing to
do.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31160#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list