[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #11384 [Tor bundles/installation]: TorBrowser connects over clearnet after activation of 'hidden' torbutton option

Subject: [tor-bugs] #11384 [Tor bundles/installation]: TorBrowser connects over clearnet after activation of 'hidden' torbutton option
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 01 Apr 2014 22:23:34 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 01 Apr 2014 18:24:01 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#11384: TorBrowser connects over clearnet after activation of 'hidden' torbutton
option
--------------------------------------+-----------------------
 Reporter:  cypherpunks               |          Owner:  erinn
     Type:  defect                    |         Status:  new
 Priority:  normal                    |      Milestone:
Component:  Tor bundles/installation  |        Version:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
--------------------------------------+-----------------------
 Tested on Linux x86_64, latest TorBrowser version 3.53

 Steps to reproduce problem:
 1. Open TorBrowser and connect normally
 2. Click the Torbutton, this opens the drop down list containing "New
 Identity, Cookie Protections, ..."
 3. Press down key on keyboard once highlights 'New Identity'
 4. Press down key again and the highlighting disappears (highlighting
 hidden 'disable torbutton' option)
 5. Press enter

 This makes TB connect over the clearnet and reveal true IP address
 (checked using check.torproject.org, and yes it is my real IP). No warning
 or confirmation box appears and this could easily be done accidentally.
 This setting persists over New Identity and closing and reopening TB
 completely, and it is not obvious at all to the user how to switch Tor
 back on.

 This is particularly dangerous because opportunities to warn the user are
 missed:
 * The about:tor page remains green even after clicking New Identity
 (although it does switch to its "Something Went Wrong!" form after fully
 closing and reopening TB).
 * The 'Proxy Settings' page (Torbutton -> Preferences) is unchanged and
 indicates the browser is using Tor's recommended proxy settings
 * The 'Test Proxy' button on the Proxy Settings page button confirms that
 the Tor proxy is working properly

 The '''only''' indicator to the user that they have been deanonymized is
 the torbutton changes from green to red, which is easily missed.

 Furthermore, for people who do not allow TB access to the Tor ControlPort*
 this button is red anyway and there is '''no indication whatsoever''' that
 you are deanonymized.

 This hidden option needs to be properly disabled or (like me!) you could
 be deanonymized for days without knowing.


 *i.e. connecting TB to a separate Tor process / transparently routing TB
 traffic / using Tor router or Tor on a different [virtual] machine

 [Note to re-enable Tor proxy just repeat the steps above. Also the
 'Restore Defaults' button on the TorButton Preferences page appears to fix
 it too]

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11384>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #11384 [Tor bundles/installation]: TorBrowser connects over clearnet after activation of 'hidden' torbutton option
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #11384 [Tor bundles/installation]: TorBrowser connects over clearnet after activation of 'hidden' torbutton option
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #11384 [Tor bundles/installation]: TorBrowser connects over clearnet after activation of 'hidden' torbutton option
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #11384 [TorBrowserButton]: TorBrowser connects over clearnet after activation of 'hidden' torbutton option
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #11384 [TorBrowserButton]: TorBrowser connects over clearnet after activation of 'hidden' torbutton option
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #11384 [TorBrowserButton]: TorBrowser connects over clearnet after activation of 'hidden' torbutton option
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #2454 [Tor]: We should check our IP immediately when cbt notes the network is live again
Next by Author: Re: [tor-bugs] #11384 [Tor bundles/installation]: TorBrowser connects over clearnet after activation of 'hidden' torbutton option
Previous by thread: Re: [tor-bugs] #8787 [Tor]: Check return values for more unix functions
Next by thread: Re: [tor-bugs] #11384 [Tor bundles/installation]: TorBrowser connects over clearnet after activation of 'hidden' torbutton option
Index(es):
- Author
- Thread