[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #31016 [Applications/Tor Browser]: Limited (and partially wrong) advice in documentation. Consider uBlock Origin and uMatrix extensions.



#31016: Limited (and partially wrong) advice in documentation. Consider uBlock
Origin and uMatrix extensions.
-------------------------+------------------------------------------
 Reporter:  cypherpunks  |          Owner:  tbb-team
     Type:  defect       |         Status:  new
 Priority:  Medium       |      Component:  Applications/Tor Browser
  Version:               |       Severity:  Normal
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
 Reviewer:               |        Sponsor:
-------------------------+------------------------------------------
 https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/Support_discuss
 #CanIinstallanewadd-onorextensioninTorBrowserlikeAdBlockPlusoruBlockOrigin
 says:

 > It’s strongly discouraged to install new add-ons in Tor Browser, because
 they can compromise both your privacy and your security. Plus, Tor Browser
 already comes installed with two add-ons — HTTPS Everywhere and NoScript —
 which give you a lot of added protection.

 However this is a limited and (in the case of uBlock Origin and uMatrix)
 pretty irrelevant advice because:

 1. HTTPS-E and NoScript lack important functionality which uMatrix and uBO
 have. Example: blocking 3rd party requests can be critical to enhancing
 privacy.

 OTOH

 2. uMatrix and uBO can fully block JavaScript (which makes NoScript
 unnecessary) and uM can block mixed content.

 3. HTTPS-E is pretty much a meaningless extension because it attempts to
 provide a workaround for websites which are not configured properly. IOW
 it may create a false sense of security by potentially enforcing HTTPS
 which may not be configured properly by the website owners. Additionally
 it has a privacy issue too as it needs connection to a particular host to
 update its lists.

 Please consider working with gorhill to use uBO and uMatrix instead of
 HTTPS-E and NoScript.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31016>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs