[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #21549 [Applications/Tor Browser]: Investigate wasm for linkability/fingerprintability/disk avoidance issues

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #21549 [Applications/Tor Browser]: Investigate wasm for linkability/fingerprintability/disk avoidance issues
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 19 Dec 2018 07:55:29 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 19 Dec 2018 02:55:40 -0500
In-reply-to: <042.47107fef4cd06475f9de7d8a1712ad73@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.47107fef4cd06475f9de7d8a1712ad73@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#21549: Investigate wasm for linkability/fingerprintability/disk avoidance issues
--------------------------------------------+--------------------------
 Reporter:  gk                              |          Owner:  tbb-team
     Type:  task                            |         Status:  new
 Priority:  Very High                       |      Milestone:
Component:  Applications/Tor Browser        |        Version:
 Severity:  Normal                          |     Resolution:
 Keywords:  ff60-esr, TorBrowserTeam201809  |  Actual Points:
Parent ID:                                  |         Points:
 Reviewer:                                  |        Sponsor:
--------------------------------------------+--------------------------

Comment (by gk):

 Replying to [comment:18 legind]:
 > @gk I'm concerned that extensions are a single-click install in most
 cases, and privileging them in general will open identifiable
 characteristics to possibly irresponsible third parties.  Can we whitelist
 WASM by extension ID?

 Maybe. However, the current policy is that users are responsible
 themselves for possible fallout if they are installing other extensions
 into their Tor Browser. This is not recommended for all sorts of reasons.

 Webextensions got already "privileged" by allowing JavaScript to run in
 general if it is disabled in the browser (you might remember
 https://bugzilla.mozilla.org/show_bug.cgi?id=1329731). I think it is more
 straightforward to follow the reasoning dveditz outlined in
 https://bugzilla.mozilla.org/show_bug.cgi?id=1329731#c7 arguing that
 disabling WASM for extensions (while allowing it for the remaining parts
 of the privileged browser) is not the right solution.

 FWIW: that Mozilla bug might be a good start for investigating how to
 enable WASM for extensions only but not content (by checking the principal
 accordingly).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21549#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: [tor-bugs] #28865 [Core Tor/sbws]: sbws keeps the number of AsyncResults less than the number of threads
Next by Author: Re: [tor-bugs] #28770 [Internal Services/Tor Sysadmin Team]: Please create email alias for Browser Team dev job posting
Previous by thread: Re: [tor-bugs] #21549 [Applications/Tor Browser]: Investigate wasm for linkability/fingerprintability/disk avoidance issues
Next by thread: Re: [tor-bugs] #21549 [Applications/Tor Browser]: Investigate wasm for linkability/fingerprintability/disk avoidance issues
Index(es):
- Author
- Thread