[tor-bugs] #30402 [Applications/Tor Browser]: Expired Certificate and "Explore Privately"

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun May 5 12:29:14 UTC 2019


#30402: Expired Certificate and "Explore Privately"
-----------------------+------------------------------------------
 Reporter:  Crissy2    |          Owner:  tbb-team
     Type:  defect     |         Status:  new
 Priority:  Very High  |      Component:  Applications/Tor Browser
  Version:             |       Severity:  Critical
 Keywords:             |  Actual Points:
Parent ID:             |         Points:
 Reviewer:             |        Sponsor:
-----------------------+------------------------------------------
 To prevent this being marked as a duplicate: I have read bug #30388.

 If a mandatory certificate expires (in Tor Browser, Mozilla or any
 mandatory add-on), Tor Browser should **close all tabs** before disabling
 the add-on.

 An add-on was disabled and... all running websites start grabbing my
 identifying data. The yellow bar information is not a correct solution
 because I can be AFK (scripts continue running).

 **The correct solution:**
 If Tor Browser starts with a bad certificate, it shall show:
 **"Something went wrong" instead of "Explore. Privately"**. Additionally,
 a description of the reason shall be shown if it is known.

 If the certificate becomes invalid during work, Tor Browser should close
 all tabs (**without** showing the prompt "Do you really close this tab"
 etc.) and show the "Something went wrong" screen.

 **Disabling add-ons while TB is running is a very silly idea if the add-on
 raises privacy** <facepalm>

 BTW, why doesn't TBB have a built-in NoScript version that doesn't have
 to be verified?

 **People can still download the affected TBB without a working
 NoScript.** The download link should stop working or indicate a properly
 running version (even if alpha!!!)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30402>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

