[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5300 [Tor bundles/installation]: TBB shows SSL observatory popup

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #5300 [Tor bundles/installation]: TBB shows SSL observatory popup
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Tue, 06 Mar 2012 19:41:19 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 06 Mar 2012 14:41:33 -0500
In-reply-to: <049.d6641cabd2fb5cdeed46319e3196464e@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.d6641cabd2fb5cdeed46319e3196464e@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5300: TBB shows SSL observatory popup
--------------------------------------+-------------------------------------
 Reporter:  Sebastian                 |          Owner:  erinn
     Type:  defect                    |         Status:  new  
 Priority:  major                     |      Milestone:       
Component:  Tor bundles/installation  |        Version:       
 Keywords:                            |         Parent:       
   Points:                            |   Actualpoints:       
--------------------------------------+-------------------------------------

Comment(by mikeperry):

 I think the popup is a bit scary looking, and still hard to identify as
 coming from HTTPS-Everywhere. Perhaps independent of that, I don't think
 we should display it by default for TBB, because TBB users might not even
 know what HTTPS-Everywhere is, as they did not install it by choice.

 As for turning the feature on by default for TBB, the main blocker for
 that is that it looks like submission is still going to
 https://observatory.eff.org.. However, Tor Exit Enclaves only really work
 properly when you use IP address. This means that users who turn the
 feature on can be recognized by exits and get fingerprinted or treated
 differently, because the observatory traffic will often be sent on the
 same circuit as browsing traffic.

 Otherwise, I believe this feature is at worst equivalent to OCSP in terms
 of privacy risk for our users, and we've had OCSP on for years even though
 it does nothing for users in terms of security.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5300#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #5300 [Tor bundles/installation]: TBB shows SSL observatory popup
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #5109 [Vidalia]: "Unrecognized startup status" starting tbb
Next by Author: Re: [tor-bugs] #5314 [Obfsproxy]: sha256.h has no copyright line at the top
Previous by thread: Re: [tor-bugs] #5300 [Tor bundles/installation]: TBB shows SSL observatory popup
Next by thread: Re: [tor-bugs] #5300 [Tor bundles/installation]: TBB shows SSL observatory popup
Index(es):
- Author
- Thread