[tor-dev] Rethinking Bad Exit Defences: Highlighting insecure and sensitive content in Tor Browser
donncha at donncha.is
Tue Mar 28 15:31:00 UTC 2017
The Tor bad-relay team regularly detects malicious exit relays which are
actively manipulating Tor traffic. These attackers appear financial
motivated and have primarily been observed modifying Bitcoin and onion
address which are displayed on non-HTTPS web pages.
Increasingly these attackers are becoming more selective in their
targeting. Some attackers are only targeting a handful of pre-configured
pages. As a result, we often rely on Tor users to report bad exits and
the URLs which are being targeted.
In Firefox 51, Mozilla started to highlight HTTP pages containing
password form fields as insecure . This UI clearly and directly
highlights the risk involved in communicating sensitive data over HTTP.
I'd like to investigate ways that we can extend a similar UI to Tor
Browser which highlight Bitcoin and onion addressed served over HTTP. I
understand that implementing this type of Bitcoin and onion address
detection would be less reliable than Firefox's password field
detection. However even if unreliable it could increase safety and
increase user awareness about the risks of non-secure transports.
There is certainly significant design work that needs to be done to
implement this feature. For example, .onion origins need be treated as
secure, but only if they don't included resources from non-secure
origins. We would also need to make the onion/bitcoin address detection
reliable against active obfuscation attempts by malicious exits.
I'd like to hear any and all feedback, suggestions or criticism of this
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 630 bytes
Desc: OpenPGP digital signature
More information about the tor-dev