[tor-talk] Request: Firefox extension/addon checking tutorial

Dave Warren davew at hireahit.com
Fri Aug 21 05:44:25 UTC 2015

On 2015-08-20 21:27, Cain Ungothep wrote:
>> Anybody care to make a peer-reviewed guide of how to check the
>> >extensions for leaks, cheats and other dirty tricks?
> I would say use the source, Lara.
> It's problematic, of course, since it requires an expert not only on
> programming, networking, privacy and security but also on Mozilla's
> extension architecture.  But really, I don't think there's any other
> way.

I doubt there are many people who are truly competent to check the 
source. You don't just need a programmer who checks to make sure the 
code does what they expect, but also that there aren't any corner cases 
where something does leak, just a little.

To be secure, one must also check the entirety of the Firefox source, 
since Firefox could easily have some behaviour which intentionally leaks 
when Tor is active (and possibly only when other conditions are met, to 
reduce the odds of anyone who isn't a target from observing any 
unexpected behaviour)

Dave Warren

More information about the tor-talk mailing list