[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5300 [Tor bundles/installation]: TBB shows SSL observatory popup



#5300: TBB shows SSL observatory popup
--------------------------------------+-------------------------------------
 Reporter:  Sebastian                 |          Owner:  erinn
     Type:  defect                    |         Status:  new  
 Priority:  major                     |      Milestone:       
Component:  Tor bundles/installation  |        Version:       
 Keywords:                            |         Parent:       
   Points:                            |   Actualpoints:       
--------------------------------------+-------------------------------------

Comment(by mikeperry):

 I think the popup is a bit scary looking, and still hard to identify as
 coming from HTTPS-Everywhere. Perhaps independent of that, I don't think
 we should display it by default for TBB, because TBB users might not even
 know what HTTPS-Everywhere is, as they did not install it by choice.

 As for turning the feature on by default for TBB, the main blocker for
 that is that it looks like submission is still going to
 https://observatory.eff.org.. However, Tor Exit Enclaves only really work
 properly when you use IP address. This means that users who turn the
 feature on can be recognized by exits and get fingerprinted or treated
 differently, because the observatory traffic will often be sent on the
 same circuit as browsing traffic.

 Otherwise, I believe this feature is at worst equivalent to OCSP in terms
 of privacy risk for our users, and we've had OCSP on for years even though
 it does nothing for users in terms of security.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5300#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs