Thus spake Roger Dingledine (arma@xxxxxxx): > On Mon, Jul 09, 2007 at 02:16:55AM -0700, Mike Perry wrote: > > As some of you know, I've been working on a security-enhanced version > > of Torbutton to handle all sorts of anonymity vulnerabilities present > > in a standard Firefox configuration (see the big fat warning on > > http://tor.eff.org/download.html.en - the goal is to make all that > > text irrelevant). > > Hi Mike, > > Looks like great progress. One question though -- one of the warnings on > that page that bothers me is "Consider removing extensions that look up > more information about the websites you type in (like Google toolbar), > as they may bypass Tor and/or broadcast sensitive information." Is > this one of the warnings that we're going to have to keep (along with > "you need to send your traffic through Tor for Tor to have any prayer of > helping you" and "don't send plaintext passwords over the Internet"), or > is there something we can do about other extensions doing local resolves? This is a good question. For any non-XUL binary plugins, there is no hope. For the stuff that is implemented as javascript, we have a prayer of it obeying proxy settings, but it can also randomly disable those as it sees fit. Other extensions can also send unique identifiers at inconvenient times (stumbleupon and other such website recommenders come to mind). So these types of warnings should remain, sadly. But the gauntlet of recommended plugins and such can be removed at least. I would say we can do away with warnings 2 and 3, assuming people will use the defaults of Torbutton and heed the relevant warnings it has in its own documentation when changing them. > > The extension itself, and more information on the individual > > features/options are available at the horrifyingly stoic homepage: > > http://torbutton.torproject.org/dev/ > > I really like your "Description of Options" section of this page. I > recognize they can't be tooltips yet -- are those Firefox bugs going > to be fixed soon, or should we think about adding a "Help" window to > Torbutton to explain what all these things are for people who can't get > to the website? Well the bugs are marked as fixed.. Not sure of their backport status though. The web development community loves to bitch about them, so hopefully firefox will backport into 2.0.0.5 or something. I probably will add the tooltips anyways, so we have the strings there and translated to create a help page if the fixes are never backported. > (I'm not so enthusiastic about your use of javascript on the webpage > though. ;) Javascript is never going away, might as well get used to it. :) It's a shame that particular javascript is broken though. Perhaps it is a mimetype issue or something. Hopefully I or somebody can figure out wtf is going on so people can install the search plugins easily. I know they are a huge convenience bonus for me. Unless you think I should explain to the Windows users how to manually download and copy xml files into their firefox install directory, so they don't have to use javascript? ;) > Now the obligatory usability bug report: if I choose "I will manually > manage my cookies" in the Cookies window, what does that mean for the > choices in the Shutdown window? Should it automagically switch to "Let me manage my own Private Data Settings"? I cannot overemphasize how dangerous this setting is though. If you preserve any non-tor cookies during tor usage, these cookies can be fetched by exit nodes, even if you were not visiting that website at the time. This allows them to do things like download your entire gmail, yahoo, or whatever inbox behind your back without your knowledge, from a SINGLE Tor-based visit OF ANY WEBSITE. Of course, the same thing can happen at your local coffee shop. But how many local coffee shops are run by an ad-hoc collection of thousands of semi-anonymous hackers? :) -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgpBfTHHNss59.pgp
Description: PGP signature