[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #30032 [Applications/Tor Browser]: Add warning or disable adding additional extensions
#30032: Add warning or disable adding additional extensions
------------------------------------------+----------------------
Reporter: legind | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
A few users of the Tor Browser have reached out to the EFF extension
developers team wanting help with Privacy Badger. As we've explained in
the past[1], installing Privacy Badger within Tor Browser can seriously
impede the anonymity guarantees of TB. Even extensions which under normal
circumstances in mainline Firefox would increase privacy can be harmful in
the TB context - for instance, canvas hash randomizers can move the
browser from the relatively large anonymity pool of "TB users on Linux" to
the much smaller pool of "TB users on Linux who have a canvas randomizer",
since the fact that your canvas is randomized is able to be determined by
any remote site. Users of TB are more likely to be power users and
install additional addons as well.
Currently, installing an extension in TB is as easy as doing the same in
Firefox. We should either disable the ability to install additional
extensions or add a highly eye-catching warning alerting users to the fact
that extensions, even ones that are privacy-oriented, can be harmful to
anonymity.
1. https://tor.stackexchange.com/questions/15653/why-does-tor-not-pre-
include-privacy-badger-or-disconnect-add-ons
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30032>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs