[tor-bugs] #22089 [Applications/Tor Browser]: Add Decentraleyes to slighten off a bit Exit traffic and work around some CDNs blocking of Tor

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jan 12 09:36:36 UTC 2020 

#22089: Add Decentraleyes to slighten off a bit Exit traffic and work around some
CDNs blocking of Tor
-------------------------------------------------+-------------------------
 Reporter:  imageverif                           |          Owner:  tbb-
                                                 |  team
     Type:  enhancement                          |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-usability-website, tbb-          |  Actual Points:
  performance                                    |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cypherpunks):

 Replying to [comment:22 gk]:
 > I am not convinced yet this is worth the effort. comment:18 is a good
 start, we should think about expanding it. E.g. there are clear security
 downsides in the sense that a new extension added to Tor Browser means a
 new attack vector and we would need to spend a considerable amount of time
 to review the code every new release contains and as we want to get away
 from automatic extensions updates anyway we would start to monitor
 upstream libraries for security fixes to the locally shipped libraries.
 That could easily result in quite some effort from our side...
 There's already a
 [https://git.synz.io/Synzvato/decentraleyes/tree/master/audit script] that
 does this automatically for you:

 > This audit script allows any user and extension reviewer to verify the
 integrity of the bundled resources. It automatically, and transparently,
 compares all bundled libraries to their original sources.
 >
 > https://git.synz.io/Synzvato/decentraleyes/tree/master/audit

 Running it once before every release doesn't sound too bad.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22089#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list