
Re: [tor-dev] Tor Browser IsolateSOCKSAuth behavior questions.



Yawning Angel:

[snip]

> My question is, what causes Tor Browser to set the SOCKS username to
> "--unknown--" and what the behavior should be in that case if:

Ideally, "--unknown--" would only be used for requests originating from
privileged browser code and not belonging to a website/resource a user
requested. This would encompass things like extensions update requests,
browser update requests, blocklist checks, requests issued by installed
extensions to name just a few. In reality, however, we are not there yet
(see e.g. #13670, #15599, #15555, #15569, plus there is at least one
bug I have not filed yet).

>  * The destination is a ".onion" address.

#15499 should give you an idea (although I am not sure whether that
ticket is still valid).

>  * The destination is a ".i2p" address.

I don't know. Maybe we/you should coordinate that with the I2P folks?

>  * The destination is the I2P management console.
> 
>    I'm fairly sure this should be "deny".

Sounds good.

>  * The destination is any other address (will be dispatched over Tor if
>    running, I don't think I will attempt to support I2P outproxies
>    because they suck).  (I think allow because things break otherwise?)

I am not sure, honestly. What do you have in mind?

[snip]

> The final form of my shim will support running with any combination of
> "nothing" (Tor Browser just for the "privacy benefits", probably
> unsafe, I may reconsider this), I2P, and Tor (Though the most useful
> configuration is probably I2P + Tor).

Sounds useful, indeed. But I think we should make clear to users that
this will not be a proper Tor Browser replacement as you need knowledge
of the browser state to make correct assumptions on whether to put
requests into the "--unknown--" bucket or not. And I currently don't see
how your shim is able to accomplish that.

Georg
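
The following is an added example, not part of the original message or of any Tor Project or shim code: a sketch of the only inputs a SOCKS shim has for this decision, namely the RFC 1929 username and the requested destination. The function names, the status table and the I2P console port (7657 on loopback) are assumptions; the "open" entries mark cases the thread leaves undecided.

```python
UNKNOWN_USER = "--unknown--"        # SOCKS username quoted in the thread
I2P_CONSOLE_PORT = 7657             # assumption: I2P router console default port
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Where the thread stands for requests in the "--unknown--" bucket.
THREAD_STATUS = {
    "i2p-console": "deny",   # proposed "deny", answered "Sounds good"
    "onion": "open",         # reply points at #15499
    "i2p": "open",           # to be coordinated with the I2P folks
    "other": "open",         # "allow" suggested, not settled
}

def parse_userpass(msg: bytes):
    """Parse an RFC 1929 request: VER(0x01) ULEN UNAME PLEN PASSWD."""
    if len(msg) < 3 or msg[0] != 0x01:
        raise ValueError("not an RFC 1929 username/password request")
    ulen = msg[1]
    if ulen == 0 or len(msg) < 3 + ulen:
        raise ValueError("truncated username")
    plen = msg[2 + ulen]
    if len(msg) != 3 + ulen + plen:
        raise ValueError("password length does not match message")
    uname = msg[2:2 + ulen].decode("utf-8", "replace")
    passwd = msg[3 + ulen:].decode("utf-8", "replace")
    return uname, passwd

def classify_dest(host: str, port: int) -> str:
    """Map a requested destination onto the four cases listed in the thread."""
    h = host.lower().rstrip(".")
    if h in LOOPBACK and port == I2P_CONSOLE_PORT:
        return "i2p-console"
    if h.endswith(".onion"):
        return "onion"
    if h.endswith(".i2p"):
        return "i2p"
    return "other"

def unknown_bucket_status(auth_msg: bytes, host: str, port: int):
    """Return the thread's status for an "--unknown--" request, else None."""
    user, _ = parse_userpass(auth_msg)
    if user != UNKNOWN_USER:
        return None              # request carries a per-site username
    return THREAD_STATUS[classify_dest(host, port)]

# Constructed sample message; the password byte "0" is a placeholder.
SAMPLE_AUTH = (b"\x01" + bytes([len(UNKNOWN_USER)]) + UNKNOWN_USER.encode()
               + b"\x01" + b"0")
```

The shim can match the username string but has no way to check that the browser assigned it correctly, which is the limitation raised in the last paragraph of the reply.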

