[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #22089 [Applications/Tor Browser]: Add Decentraleyes to slighten off a bit Exit traffic and work around some CDNs blocking of Tor



#22089: Add Decentraleyes to slighten off a bit Exit traffic and work around some
CDNs blocking of Tor
-------------------------------------------------+-------------------------
 Reporter:  imageverif                           |          Owner:  tbb-
                                                 |  team
     Type:  enhancement                          |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-usability-website, tbb-          |  Actual Points:
  performance                                    |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cypherpunks):

 Replying to [comment:22 gk]:
 > I am not convinced yet this is worth the effort. comment:18 is a good
 start, we should think about expanding it. E.g. there are clear security
 downsides in the sense that a new extension added to Tor Browser means a
 new attack vector and we would need to spend a considerable amount of time
 to review the code every new release contains and as we want to get away
 from automatic extensions updates anyway we would start to monitor
 upstream libraries for security fixes to the locally shipped libraries.
 That could easily result in quite some effort from our side...
 There's already a
 [https://git.synz.io/Synzvato/decentraleyes/tree/master/audit script] that
 does this automatically for you:

 > This audit script allows any user and extension reviewer to verify the
 integrity of the bundled resources. It automatically, and transparently,
 compares all bundled libraries to their original sources.
 >
 > https://git.synz.io/Synzvato/decentraleyes/tree/master/audit

 Running it once before every release doesn't sound too bad.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22089#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs