Opened 9 years ago

Closed 3 months ago

#1047 closed defect (wontfix)

Other Addons are overriding Torbutton-Settings

Reported by: MrSpock
Owned by:
Priority: Very Low
Milestone:
Component: Applications/Torbutton
Version: Torbutton: 1.2.1
Severity: Normal
Keywords:
Cc: MrSpock
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description (last modified by gk)

I realized that some other Addons (e.g. User Agent Switcher, RefControl etc.) are overwriting Torbutton's settings while surfing.
Would be great if Torbutton could prevent other Addons from overwriting Torbutton's settings (maybe Torbutton must de-activate (all) other Addons while surfing anonymously if there's no other way to give Prio 1 to Torbutton's settings).

I have just tested 2 more or less "uncritical" Addons. But maybe there are other Addons that could cause critical overrides in Torbutton.

[Automatically added by flyspray2trac: Operating System: All]

Change History (6)

comment:1 Changed 9 years ago by mikeperry

What settings are being reset? Torbutton will reset your spoofed user agent if it is toggled and notices a non-default useragent set by useragent switcher. It should otherwise allow you to shoot yourself in the head by setting your own user agent manually while it is enabled. That is a feature.

comment:2 Changed 9 years ago by MrSpock

Some Explanations:

  1. UserAgentSwitcher for example uses "general.useragent.override" (about:config) as well as Torbutton does and thus changes Torbutton’s “general.useragent.override” entry.

While surfing with Tor/Torbutton I normally would expect to see Torbutton’s UserAgent (FF 3.0.7 / WinXP), but in fact the UserAgentSwitcher setting (Konqueror 3.0 / Linux) is shown on IP detecting sites like

  2. RefControl: Only the (spoofed) Referrer from RefControl is shown while surfing with Tor; the setting in Torbutton “don’t send referrer” doesn’t have any effect.
  3. Meanwhile I use “HeaderControl” (instead of UserAgentSwitcher and RefControl).

I encountered the same problems:

3.1 User Agent: HeaderControl doesn’t use "general.useragent.override" and thus doesn’t change Torbutton’s “general.useragent.override” entry;

Nevertheless HeaderControl also somehow overrides Torbutton’s User Agent Settings, which means HeaderControl’s UserAgent is shown - not Torbutton’s User Agent while surfing with Tor.

(3.2 Referrer: Currently there’s a bug in HeaderControl; doesn’t work - so I can’t test it with Tor.)

3.3 Accept Language: Header Control overrides Torbutton’s Accept Language settings, which means HeaderControl’s Accept Language (“DE”) is shown - not Torbutton’s Accept Language (“EN”) while surfing with Tor.

(I just tested all items again with the latest version of Tor/Torbutton/Vidalia/Privoxy.)

comment:3 Changed 9 years ago by mikeperry

In 1.2.2 I added some code to prevent user agent switcher from resetting general.useragent.override. However,
the others are actually done by header filters and not via preferences. Very hard to override.
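
The distinction drawn in comments 2 and 3 (a preference overwrite versus a header filter) can be checked from the outside by comparing the headers a request actually carried with the expected profile and with the current `general.useragent.override` value. The following is an added example, not part of the ticket or of Torbutton's code; the User-Agent strings, the patterns in `EXPECTED`, the sample request and the function names are constructed assumptions.

```javascript
// Expected wire profile. Assumed placeholders: the ticket only says
// "FF 3.0.7 / WinXP", Accept-Language "EN", and that no referrer is sent.
const EXPECTED = {
  "user-agent": /Windows NT 5\.1.*Firefox\/3\.0\.7/,
  "accept-language": /^en\b/i,
  "referer": null, // null means the header must be absent
};

// Constructed sample data (not captured from a real session).
const PREF_UA = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7";
const OVERRIDDEN_REQUEST = [
  "GET / HTTP/1.1",
  "Host: example.invalid",
  "User-Agent: Mozilla/5.0 (compatible; Konqueror/3.0; Linux)",
  "Accept-Language: de",
  "Referer: http://example.invalid/spoofed",
  "", "",
].join("\r\n");

// Parse a raw HTTP/1.x request head into a map keyed by lower-cased name.
function parseHeaders(raw) {
  const headers = {};
  for (const line of raw.split(/\r?\n/).slice(1)) { // skip the request line
    if (line === "") break;                         // end of header section
    const idx = line.indexOf(":");
    if (idx <= 0) continue;                         // ignore malformed lines
    headers[line.slice(0, idx).trim().toLowerCase()] = line.slice(idx + 1).trim();
  }
  return headers;
}

// Compare what was sent with the expected profile. prefValue is the current
// general.useragent.override string, read separately by the caller.
function auditRequest(raw, prefValue) {
  const seen = parseHeaders(raw);
  const findings = [];
  for (const [name, rule] of Object.entries(EXPECTED)) {
    const value = seen[name];
    const bad = rule === null ? value !== undefined
                              : value === undefined || !rule.test(value);
    if (bad) findings.push({ header: name, value: value ?? null });
  }
  // Pref still correct but wire User-Agent wrong: the change happened in a
  // header filter, after preferences were applied.
  const prefOk = EXPECTED["user-agent"].test(prefValue || "");
  const uaBad = findings.some((f) => f.header === "user-agent");
  return { findings, changedAfterPrefs: prefOk && uaBad };
}

console.log(auditRequest(OVERRIDDEN_REQUEST, PREF_UA));
```

When `changedAfterPrefs` is false but the User-Agent finding is present, the preference itself was overwritten, which is the case the 1.2.2 change addresses.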

comment:4 Changed 8 years ago by erinn

Version: 1.2.1 → Torbutton: 1.2.1

Updating the version from 1.2.1 to Torbutton: 1.2.1 so I can close #1743.

comment:5 Changed 7 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

comment:6 Changed 3 months ago by gk

Description: modified (diff)
Resolution: None → wontfix
Status: new → closed

We won't defend against other add-ons installed by the user which are overriding security/privacy-related settings. Don't install those extensions in the first place.