[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #30570 [Applications/Tor Browser]: Implement per-site security settings support

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #30570 [Applications/Tor Browser]: Implement per-site security settings support
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 14 Jan 2020 21:50:28 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 14 Jan 2020 16:50:43 -0500
In-reply-to: <042.b8d51a4221a8b35ce3ff43105f557816@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.b8d51a4221a8b35ce3ff43105f557816@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, blackhole@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#30570: Implement per-site security settings support
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:
                                                 |  pospeselr
     Type:  enhancement                          |         Status:
                                                 |  assigned
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ux-team, tbb-9.5,                    |  Actual Points:
  TorBrowserTeam202001                           |
Parent ID:  #25658                               |         Points:  10
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor9
-------------------------------------------------+-------------------------

Comment (by pospeselr):

 Ok small update on my findings regarding using uMatrix rather than
 NoScript as our content blocking 'backend'.

 uMatrix ( https://github.com/gorhill/uMatrix ) has a priority-based rules
 engine keyed on the first-party domain with various levels. IE rules can
 apply to anything, they can apply to the domain (cnn.com) or on a specific
 subdomain (badnews.cnn.com). Rules with a more specific filter override
 rules higher up the chain. IE if you block scripts globally (*) you can
 override this with an enable scripts rule for funstuff.com.

 With this rules engine in place, we could implement per-site script
 blocking and avoid NoScript's 'rule apply globally' problem.

 However, uMatrix buckets browser resources slightly differently than
 NoScript. For instance, with vanilla uMatrix to support blocking web fonts
 we would need to block css entirely. uMatrix also does not seem to support
 blocking WebGL at all. So while we get the rules-engine that we want, we
 do end up losing some security/privacy by not being able to block things
 by default as granularly (or at least in the same way) as the current
 version of Tor Browser.

 ----

 I brought up this ticket with Arthur and tjr today about whether Mozilla
 would be interested/what the right approach would be with regards to
 uplifting whatever we end up building into Firefox so we don't have to
 carry those patches. One interesting suggestion to come out of that
 discussion was to build our own web-extension, since uMatrix and NoScript
 fundamentally *can* do (in the sense of capabilities/permissions) what we
 want, they just don't quite meet our needs on the UX side.

 So, another approach could be to essentially rip out the content
 blocking/security bits from NoScript and uMatrix that we like, stick our
 own 3rd-party isolation respecting rules on top all within the web
 extension. Then, the only patches we would need to carry in Tor Browser
 itself would be much more light weight and only need to touch whatever
 systems the UX we land finalize on would need to touch (assuming it can't
 all be done in an extension).

 I think this approach has the advantage of potentially being a bit faster
 to spin up and implement (since we could theoretically start with a
 NoScript or uMatrix fork), though it does run counter to our long-term
 goals of integrating our *existing* extension's (torbutton, tor-launcher)
 functionality into Tor Browser. That said I don't actually have any
 experience developing web extensions so I don't know what the difference
 is in developer productivity over just writing modules in
 /browser/modules.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30570#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #33092 [Core Tor/Tor]: Pass -bind_at_load on macOS
Next by Author: [tor-bugs] #32962 [Core Tor/Tor]: add_c_file: bug when adding to end of include.am
Previous by thread: Re: [tor-bugs] #31071 [Metrics/ExoneraTor]: Add a notice if we're missing data for a lookup
Next by thread: Re: [tor-bugs] #30570 [Applications/Tor Browser]: Implement per-site security settings support
Index(es):
- Author
- Thread