[tor-bugs] #26529 [Applications/Tor Browser]: TBA - Notify user about possible proxy-bypass before opening external app

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Oct 21 16:22:42 UTC 2019


#26529: TBA - Notify user about possible proxy-bypass before opening external app
-------------------------------------------------+-------------------------
 Reporter:  sysrqb                               |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_information
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-mobile, tbb-torbutton, tbb-      |  Actual Points:
  proxy-bypass, TBA-a3, tbb-8.5, tbb-parity,     |
  TorBrowserTeam201910                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor8
-------------------------------------------------+-------------------------
Changes (by sysrqb):

 * cc: antonela (added)


Comment:

 Replying to [comment:17 gk]:
 > Looks good to me. I've applied the patch to
 > `tor-browser-68.2.0esr-9.5-1` (commit
 > 6dc05e67cdbbb0a74f2c24387a3ea7443e08b57c).
 >
 > Two things I am unsure about:
 > 1)
 > {{{
 >  * launches a file during private browsing. The dialog appears to notify the user that a clicked
 >  * link will open in an external application, potentially leaking their browsing history.
 >  */
 > }}}
 > That's not the same as explaining possible proxy bypass/anonymity
 > losses. We spent quite some time trying to get the message right for
 > desktop. Do we want to do that as well in this case?

 On Desktop, our
 [https://gitweb.torproject.org/torbutton.git/tree/chrome/locale/en-US/torbutton.properties#n18 English]
 text is "Some types of files can cause applications to connect to the
 Internet without using Tor." and "To be safe, you should only open
 downloaded files while offline, or use a Tor Live CD such as Tails.".

 On Android, it
 [https://gitweb.torproject.org/tor-browser.git/tree/mobile/android/base/locales/en-US/android_strings.dtd?h=tor-browser-68.2.0esr-9.5-1#n812 says]:
 "This link will open in &formatS;. Are you sure you want to exit Private
 Browsing?" where `&formatS;` is replaced with the target app name. I think
 using a message like the one on desktop is a better idea.

 I'm adding Anto. We should think about how we should phrase this.

 >
 > 2) Are we confident we have caught all possible issues here? There seems
 > to be a variety of potentially problematic code paths.

 I think this deserves another round of auditing. I don't know.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26529#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

