[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #26128 [Applications/Tor Browser]: Make security slider work with NoScript for ESR60



#26128: Make security slider work with NoScript for ESR60
---------------------------------------------+-----------------------------
 Reporter:  arthuredelstein                  |          Owner:  tbb-team
     Type:  defect                           |         Status:
                                             |  needs_revision
 Priority:  Very High                        |      Milestone:
Component:  Applications/Tor Browser         |        Version:
 Severity:  Normal                           |     Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201806R  |  Actual Points:
Parent ID:                                   |         Points:
 Reviewer:                                   |        Sponsor:
---------------------------------------------+-----------------------------
Changes (by arthuredelstein):

 * cc: ma1 (added)


Comment:

 Replying to [comment:5 mcs]:
 > Kathy and I reviewed these changes. Awesome work! Of course we have a
 few comments:

 Thanks for the review! My revised branch is at:
 https://github.com/arthuredelstein/torbutton/commit/26128+1

 > * There is a comma missing after the second array within untrusted_caps
 (before the `// medium: http` comment).

 Fixed.

 > * Please add some details to the check in comment, e.g., some of the
 things you mentioned in comment:3.

 Done.

 > * To match the slider UI, please use Standard/Safer/Safest within
 comments (rather than Low/Medium/High).

 Done.

 > * If the user adds an exception (e.g., adding a site to the Trusted
 list), the changes will be lost at startup and each time the slider is
 adjusted. That will surprise people; we should decide what behavior we
 want and try to implement it.

 That's true. In principle we can also listen to the settings objects
 broadcast by NoScript. As a demonstration, this code prints all Settings
 changes from NoScript.

 {{{
 const { LegacyExtensionContext } =
       Cu.import("resource://gre/modules/LegacyExtensionsUtils.jsm", {});
 const noscriptID = "{73a6fe31-595d-460b-a920-fcc0f8843232}";
 let extensionContext = new LegacyExtensionContext({ id : noscriptID });
 extensionContext.api.browser.runtime.onMessage.addListener((a,b,c) =>
 console.log(a,b,c))
 }}}

 To preserve user custom settings, we would need to use these messages to
 maintain a mirror of the NoScript's Settings object and pass back a
 modified version of the mirrored Settings whenever the Security Slider is
 altered.

 A simpler approach could be to patch NoScript to accept diffs rather than
 the entire Settings object.

 However, I'm not sure we want to permanently preserve custom user settings
 in NoScript at all. Such a feature might be a privacy footgun for users.

 [Snipped IPC question for a separate comment, below.]

 > * Kathy and I think the capability groupings you selected make sense,
 but we will probably need to adjust some of the wording within the
 security slider window (i.e., the text which describes the levels).

 Good point. I'm still inclined to consider the possibility of simplifying
 the capability groupings -- the different treatment of media, fonts, and
 scripts seems somewhat arbitrary to me and I think it would be useful to
 come up with a more systematic rationale for the settings we have chosen
 for the "Safer" (medium) level. It's kind of a separate issue (#22981),
 but worth considering now given that in transitioning to the new NoScript,
 some behaviors are going to change.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26128#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs