Opened 10 years ago
Closed 15 months ago
#1047 closed defect (wontfix)
Other Addons are overriding Torbutton-Settings
| Reported by: | MrSpock | Owned by: | |
|---|---|---|---|
| Priority: | Very Low | Milestone: | |
| Component: | Applications/Torbutton | Version: | Torbutton: 1.2.1 |
| Severity: | Normal | Keywords: | |
| Cc: | MrSpock | Actual Points: | |
| Parent ID: | Points: | ||
| Reviewer: | Sponsor: |
Description (last modified by )
I realized that some other Addons (e. g. User Agent Switcher, RefControl etc.) are overwriting Torbutton's settings while surfing.
Would be great if Torbutton could prevent other Addons from overwriting Torbutton's settings (maybe Torbutton must de-activate (all) other Addons while surfing anonymous if there's no other way to give Prio 1 to Torbuttons settings).
I have just tested 2 more or less "uncritical" Addons. But maybe there a other Addons that could cause critical overrides in Torbutton.
[Automatically added by flyspray2trac: Operating System: All]
Child Tickets
Change History (6)
comment:1 Changed 10 years ago by
comment:2 Changed 10 years ago by
Some Explanations:
- UserAgentSwitcher for example uses "general.useragent.override" (about:config) as well as Torbutton does and thus changes Torbutton’s “general.useragent.override” entry.
While surfing with Tor/Torbutton I normally would expect to see Torbutton’s UserAgent (FF 3.0.7 / WinXP), but in fact the UserAgentSwitcher setting (Konqueror 3.0 / Linux) is shown on IP detecting sites like http://aruljohn.com/details.php
- RefControl: Only the (spoofed) Referrer from RefControl is shown while surfing with Tor; the setting in Torbutton “don’t send referrer” doesn’t have any effect.
- Meanwhile I use “HeaderControl” (instead of UserAgentSwitcher and RefControl).
I encountered the same problems:
3.1 User Agent: HeaderControl doesn’t use "general.useragent.override" and thus doesn’t change Torbutton’s “general.useragent.override” entry;
Nevertheless HeaderControl also somehow overrides Torbutton’s User Agent Settings, which means HeaderControl’s UserAgent is shown - not Torbutton’s User Agent while surfing with Tor.
(3.2 Referrer: Currently there’s a bug in HeaderControl; doesn’t work - so I can’t test it with Tor.)
3.3 Accept Language: Header Control overrides Torbutton’s Accept Language settings, which means HeaderControl’s Accept Language (“DE”) is shown - not Torbutton’s Accept Language (“EN”) while surfing with Tor.
(I just tested all items again with the latest version of Tor/Torbutton/Vidalia/Privoxy.)
comment:3 Changed 10 years ago by
In 1.2.2 I added some code to prevent user agent switcher from resetting general.useragent.override. However,
the others are actually done by header filters and not via preferences. Very hard to override.
comment:4 Changed 9 years ago by
| Version: | 1.2.1 → Torbutton: 1.2.1 |
|---|
Updating the version from 1.2.1 to Torbutton: 1.2.1 so I can close #1743.
comment:5 Changed 19 months ago by
| Severity: | → Normal |
|---|
Set all open tickets without a severity to "Normal"
comment:6 Changed 15 months ago by
| Description: | modified (diff) |
|---|---|
| Resolution: | None → wontfix |
| Status: | new → closed |
We won't defend against other add-ons installed by the user which are overriding security/privacy-related settings. Don't install those extensions in the first place.
What settings are being reset? Torbutton will reset your spoofed user agent if it is toggles and notices a non-default
useragent set by useragent switcher. It should otherwise allow you to shoot yourself in the head by setting your own
user agent manually while it is enabled. That is a feature.