On 2015-08-20 21:27, Cain Ungothep wrote:
Anybody care to make a peer-reviewed guide of how to check the >extensions for leaks, cheats and other dirty tricks?I would say use the source, Lara. It's problematic, of course, since it requires an expert not only on programming, networking, privacy and security but also on Mozilla's extension architecture. But really, I don't think there's any other way.
I doubt there are many people who are truly competent to check the source. You don't just need a programmer who checks to make sure the code does what they expect, but also that there aren't any corner cases where something does leak, just a little.
To be secure, one must also check the entirety of the Firefox source, since Firefox could easily have some behaviour which intentionally leaks when Tor is active (and possibly only when other conditions are met, to reduce the odds of anyone who isn't a target from observing any unexpected behaviour)
-- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren -- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk