[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #31019 [Applications/Tor Browser]: Investigate update on Windows via BITS

To: undisclosed-recipients: ;
Subject: [tor-bugs] #31019 [Applications/Tor Browser]: Investigate update on Windows via BITS
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 28 Jun 2019 10:53:50 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 28 Jun 2019 06:54:02 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#31019: Investigate update on Windows via BITS
-------------------------------------+-------------------------------------
     Reporter:  gk                   |      Owner:  tbb-team
         Type:  task                 |     Status:  new
     Priority:  Medium               |  Milestone:
    Component:  Applications/Tor     |    Version:
  Browser                            |   Keywords:  ff68-esr, tbb-update,
     Severity:  Normal               |  tbb-proxy-bypass
Actual Points:                       |  Parent ID:
       Points:                       |   Reviewer:
      Sponsor:                       |
-------------------------------------+-------------------------------------
 It seems there is coming a new update method for Windows users with
 Firefox 68 ESR which is called BITS (Background Intelligent Transfer
 Service), which is a Windows component.[1] The marketing promise is that
 "This change will allow Firefox to continue downloading an update
 after Firefox has been closed." [2]  which seems to be dangerous in the
 Tor Browser context.

 There is a pref we can flip, though to use the older internal updater [3].
 However, we should make sure the potential proxy bypass I am seeing here
 is actually mitigated by that.

 [1] https://www.ghacks.net/2019/06/24/firefox-will-use-bits-on-windows-
 for-updates-going-forward/
 [2]
 https://groups.google.com/forum/#!topic/mozilla.dev.platform/PCzoYCfi_fk
 [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1553977

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31019>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #31019 [Applications/Tor Browser]: Investigate update on Windows via BITS
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #31019 [Applications/Tor Browser]: Investigate update on Windows via BITS
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #30943 [- Select a component]: Show Tor Browser version on Android
Next by Author: Re: [tor-bugs] #29710 [Core Tor/sbws]: sbws reports 6200 relays, 1000 fewer than Torflow's 7200
Previous by thread: [tor-bugs] #31018 [Applications/Tor Browser]: about:plugins error
Next by thread: Re: [tor-bugs] #31019 [Applications/Tor Browser]: Investigate update on Windows via BITS
Index(es):
- Author
- Thread