Re: [tor-bugs] #13398 [Applications/Tor Browser]: at startup, browser gleans user FULL NAME (real name, given name) from O/S



#13398: at startup, browser gleans user FULL NAME (real name, given name) from O/S
--------------------------------------+-----------------------------------
 Reporter:  zinc                      |          Owner:  pospeselr
     Type:  defect                    |         Status:  needs_information
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  TorBrowserTeam201708      |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+-----------------------------------
Changes (by gk):

 * keywords:  TorBrowserTeam201708R => TorBrowserTeam201708
 * status:  needs_review => needs_information


Comment:

 The patch looks okay to me, just a small nit: there is trailing whitespace
 on a bunch of
 {{{
 +nsresult
 }}}
 lines that needs to get removed.

 However, after thinking more about this patch I have a bigger concern.
 What is it defending against? I mean, what prevents a rogue extension from
 flipping our pref and just reading the values we tried to hide? (I know I
 suggested the pref approach first and should probably have thought more
 about it and not just have recommended the "standard thing" when Firefox
 patches are concerned).

 One could argue that's not possible with the new WebExtensions-based add-
 ons (which is correct) but then I bet those extensions are not allowed to
 extract the info we want to hide in the first place either (but I could be
 wrong about that). So, should we just say this will be fixed when we
 switch to Firefox 59? And, if we really want to defend against that in the
 ESR 52 cycle we would just rip out the offending code (not bothering about
 upstreaming the patch)?

 mcs: What about your refactoring concerns?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13398#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs