[tor-bugs] #10394 [Applications/Tor Browser]: Torbrowser's updater updates HTTPS-everywhere

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Jun 6 20:59:11 UTC 2020


#10394: Torbrowser's updater updates HTTPS-everywhere
-------------------------------------------------+-------------------------
 Reporter:  StrangeCharm                         |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:
                                                 |  needs_information
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-security, https-everywhere,      |  Actual Points:
  TorBrowserTeam202006R                          |
Parent ID:                                       |         Points:
 Reviewer:  gk                                   |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):

 * status:  needs_review => needs_information


Comment:

 Replying to [comment:40 rustybird]:
 > Here's a small patch.
 >
 > I tested it on top of TB 9.0.10 (rezipped omni.ja), with
 `extensions.update.interval` set to `60` seconds, by watching requests via
 `SETEVENTS STREAM` on a tor control port: The eff.org version check ping
 is gone. It's even more obvious if the NoScript ID is added to the patch
 as well, then there's no update traffic at all.

 The permission path is an interesting idea. I had some hope we could get
 this ticket fixed without carrying yet another patch for it with us but I
 like the UX changes etc. we basically get for free with it. Plus no
 changes needed to the extension whatsoever and no weird console error
 messages either.

 Maybe we could include this patch as part of our "don't block our unsigned
 extensions" patch where HTTPS-Everywhere is the only extensions left
 anyway.

 rustybird: have you checked whether the ruleset updates are unaffected by
 your patch (because those are updates we want to keep getting)?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10394#comment:44>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list