[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: New Torbutton (1.1.4-alpha)

Thus spake Roger Dingledine (arma@xxxxxxx):

> On Mon, Jul 09, 2007 at 02:16:55AM -0700, Mike Perry wrote:
> > As some of you know, I've been working on a security-enhanced version
> > of Torbutton to handle all sorts of anonymity vulnerabilities present
> > in a standard Firefox configuration (see the big fat warning on
> > http://tor.eff.org/download.html.en - the goal is to make all that
> > text irrelevant).
> Hi Mike,
> Looks like great progress. One question though -- one of the warnings on
> that page that bothers me is "Consider removing extensions that look up
> more information about the websites you type in (like Google toolbar),
> as they may bypass Tor and/or broadcast sensitive information." Is
> this one of the warnings that we're going to have to keep (along with
> "you need to send your traffic through Tor for Tor to have any prayer of
> helping you" and "don't send plaintext passwords over the Internet"), or
> is there something we can do about other extensions doing local resolves?

This is a good question. For any non-XUL binary plugins, there is no
hope. For the stuff that is implemented as javascript, we have a
prayer of it obeying proxy settings, but it can also randomly disable
those as it sees fit. Other extensions can also send unique
identifiers at inconvenient times (stumbleupon and other such website
recommenders come to mind).

So these types of warnings should remain, sadly. But the gauntlet of
recommended plugins and such can be removed at least. I would say we
can do away with warnings 2 and 3, assuming people will use the
defaults of Torbutton and heed the relevant warnings it has in its
own documentation when changing them.

> > The extension itself, and more information on the individual
> > features/options are available at the horrifyingly stoic homepage:
> > http://torbutton.torproject.org/dev/
> I really like your "Description of Options" section of this page. I
> recognize they can't be tooltips yet -- are those Firefox bugs going
> to be fixed soon, or should we think about adding a "Help" window to
> Torbutton to explain what all these things are for people who can't get
> to the website?

Well the bugs are marked as fixed.. Not sure of their backport status
though. The web development community loves to bitch about them, so
hopefully firefox will backport into or something. I probably
will add the tooltips anyways, so we have the strings there and
translated to create a help page if the fixes are never backported.

> (I'm not so enthusiastic about your use of javascript on the webpage
> though. ;)

Javascript is never going away, might as well get used to it. :) It's a
shame that particular javascript is broken though. Perhaps it is a
mimetype issue or something. Hopefully I or somebody can figure out wtf 
is going on so people can install the search plugins easily. I know
they are a huge convenience bonus for me.

Unless you think I should explain to the Windows users how to manually
download and copy xml files into their firefox install directory, so
they don't have to use javascript? ;)

> Now the obligatory usability bug report: if I choose "I will manually
> manage my cookies" in the Cookies window, what does that mean for the
> choices in the Shutdown window?

Should it automagically switch to "Let me manage my own Private Data

I cannot overemphasize how dangerous this setting is though.  If you
preserve any non-tor cookies during tor usage, these cookies can be
fetched by exit nodes, even if you were not visiting that website at
the time. This allows them to do things like download your entire gmail,
yahoo, or whatever inbox behind your back without your knowledge, from
a SINGLE Tor-based visit OF ANY WEBSITE.

Of course, the same thing can happen at your local coffee shop. But
how many local coffee shops are run by an ad-hoc collection of
thousands of semi-anonymous hackers? :)

Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpBfTHHNss59.pgp
Description: PGP signature