[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3994 [Tor bundles/installation]: Get TorBrowser in Debian

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #3994 [Tor bundles/installation]: Get TorBrowser in Debian
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Fri, 24 Feb 2012 21:21:34 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 24 Feb 2012 16:21:44 -0500
In-reply-to: <045.0cd3b95a57adc6120ef609afd5792ecf@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <045.0cd3b95a57adc6120ef609afd5792ecf@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#3994: Get TorBrowser in Debian
--------------------------------------+-------------------------------------
 Reporter:  lunar                     |          Owner:  erinn
     Type:  task                      |         Status:  new  
 Priority:  normal                    |      Milestone:       
Component:  Tor bundles/installation  |        Version:       
 Keywords:                            |         Parent:       
   Points:                            |   Actualpoints:       
--------------------------------------+-------------------------------------

Comment(by cypherpunks):

 One problem I can foresee with the idea of packaging TorBrowser for Debian
 is that the packaging of Firefox/Iceweasel usually lags behind upstream by
 several version numbers. This is particularly true of Debian stable. Thus
 it's likely that for most of the lifetime of each Debian stable release,
 the version of Iceweasel in stable will be considerably older than the
 version of Firefox that the upstream TorBrowser bundle is based on.

 It is probably possible for an active attacker to detect the underlying
 version of Firefox by probing the level of javascript/css/html support
 that the browser provides (e.g. see the ecmascript compatibility tables at
 http://kangax.github.com/es5-compat-table/ ). Thus a Debian-packaged
 TorBrowser will have a different "fingerprint" to a recent upstream
 TorBrowserBundle, and an attacker who is trying to track users will be
 able to distinguish between the two.

 If there are considerably fewer users of Debian-packaged TorBrowser than
 users of the upstream TorBrowserBundle on all platforms (which is likely),
 users of Debian-packaged TorBrowser would have significantly less
 anonymity than users of the upstream TorBrowserBundle.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3994#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #5204 [Company]: Set up VM running Apache for Atlas/TorStatus
Next by Author: Re: [tor-bugs] #5204 [Company]: Set up VM running Apache for Atlas/TorStatus
Previous by thread: Re: [tor-bugs] #3762 [EFF-HTTPS Everywhere]: way to identify locally enabled/disabled rules
Next by thread: Re: [tor-bugs] #2506 [Tor Relay]: Design and implement a more compact GeoIP file format
Index(es):
- Author
- Thread