[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #9387 [Tor Launcher]: Tor Launcher/Torbutton should provide a "Security Slider"

Subject: Re: [tor-bugs] #9387 [Tor Launcher]: Tor Launcher/Torbutton should provide a "Security Slider"
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 30 Oct 2014 22:03:13 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 30 Oct 2014 18:03:22 -0400
In-reply-to: <049.94b154e05daadf1446d860c4f459dda9@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.94b154e05daadf1446d860c4f459dda9@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#9387: Tor Launcher/Torbutton should provide a "Security Slider"
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  gk
  mikeperry              |     Status:  needs_information
         Type:           |  Milestone:
  enhancement            |    Version:
     Priority:  major    |   Keywords:  TorBrowserTeam201410D, tbb-
    Component:  Tor      |  security, tbb-usability, tbb-linkability,
  Launcher               |  tbb-3.0, extdev-interview, tbb-isec-report,
   Resolution:           |  MikePerry201410R, tbb-4.5-alpha
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+-------------------------------------------------

Comment (by gk):

 Replying to [comment:58 mikeperry]:
 > Well, I don't think `noscript.allowHttpsOnly` exists.

 Well, take a look at a vanilla NoScript .xpi and you'll find it in the
 preferences file which it includes.

 > We want `noscript.globalHttpsWhitelist` to be set only in mode 3. In
 that mode, we also want https: in the whitelist
 (`capability.policy.maonoscript.sites`).
 >
 > In modes 1, 2, and 4 we want `noscript.globalHttpsWhitelist` unset. We
 also want 'https:' removed from  `capability.policy.maonoscript.sites` in
 these modes.
 >
 > I will update the summary in comment:43.

 Okay, I think I've addressed this issue and a working checkbox/custom mode
 is contained in bug_9387_test_02 as well. What is still missing is:

 -tooltips/help buttons explaining the security levels
 -preferences for disabling SVG and MathML (#12827 and #13548)
 -the test mentioned in comment:57
 -thinking about some custom settings corner cases (Should they be
 preserved during New Identity? Should they be reset during start-up?)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9387#comment:59>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #13019 [Tor Browser]: New locale fingerprinting capabilities in FF31ESR
Next by Author: [tor-bugs] #13612 [Tor Browser]: social.remote-install.enabled option in Tor Browser 4.0
Previous by thread: Re: [tor-bugs] #9387 [Tor Launcher]: Tor Launcher/Torbutton should provide a "Security Slider"
Next by thread: [tor-bugs] #13560 [Tor Browser]: Tor Browser Bundle crashes with coca-cola.com.mx
Index(es):
- Author
- Thread