[tor-dev] Tor Browser IsolateSOCKSAuth behavior questions.
gk at torproject.org
Mon Jun 1 07:43:50 UTC 2015
> My question is, what causes Tor Browser to set the SOCKS username to
> "--unknown--" and what the behavior should be in that case if:
Ideally, "--unknown--" would only be used for requests originating from
privileged browser code and not belonging to a website/resource a user
requested. This would encompass things like extensions update requests,
browser update requests, blocklist checks, requests issued by installed
extensions to name just a few. In reality, however, we are not there yet
(see e.g. #13670, #15599, #15555, #15569 + plus there is at least one
bug I have not filed yet).
> * The destination is a ".onion" address.
#15499 should give you an idea (although I am not sure whether that
ticket is still valid)
> * The destination is a ".i2p" address.
I don't know. Maybe we/you should coordinate that with the I2P folks?
> * The destination is the I2P management console.
> I'm fairly sure this should be "deny".
> * The destination is any other address (will be dispatched over Tor if
> running, I don't think I will attempt to support I2P outproxies
> because they suck). (I think allow because things break otherwise?)
I am not sure, honestly. What do you have in mind?
> The final form of my shim will support running with any combination of
> "nothing" (Tor Browser just for the "privacy benefits", probably
> unsafe, I may reconsider this), I2P, and Tor (Though the most useful
> configuration is probably I2P + Tor).
Sounds useful, indeed. But I think we should make clear to users that
this will not be a proper Tor Browser replacement as you need knowledge
of the browser state to make correct assumptions on whether to put
requests into the "--unknown--" bucket or not. And I currently don't see
how your shim is able to accomplish that.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the tor-dev