Opened 5 years ago

Closed 4 years ago

#10730 closed defect (fixed)

Privacy leak ONLY on Ubuntu 13.10/Unity using default official Tor Browser Bundle (including Vidalia issues)

Reported by: damico
Owned by: erinn
Priority: Medium
Component: Applications/Tor bundles/installation
Keywords: needs-triage
Cc: gk

Description

I had filed this bug to Canonical, but they immediately said to file it here, against Tor, instead:
URL: launchpad
TITLE: Privacy leak ONLY on Ubuntu 13.10/Unity using default official Tor Browser Bundle (including Vidalia)
DESCRIPTION:
There is an insidious privacy leak (aka security flaw) when using the default Tor Browser Bundle on Ubuntu 13.10/Unity.

I do not know if this problem occurs on any other Ubuntu version, but, I do know that this problem does NOT occur on four other operating systems where I currently use the Tor Browser Bundle (namely Windows 7, Windows XP, Centos6, and RHEL6).

The problem is that every single user who follows the standard instructions to install the default Tor Browser Bundle on Ubuntu 13.10 will constantly have to double-check Ubuntu 13.10 to see WHICH browser they are opening (which, arbitrarily, will either be the secure Tor or the insecure Firefox). While having to check the Help->About every time one opens up a browser is a problem enough to report as a bug, the worse effect is when a user inadvertently uses the wrong browser. Make no mistake about this - the repercussions can be severe (even fatal). If someone has a need for privacy, one single mistake can get them into a lot of trouble.

At the very least, that inevitable mistake would compromise an entire anonymous nym; and at the worst, well, I don't even want to think about what could happen in the worst case (depending on the government of the user whose anonymity is betrayed).

Fact is, with this bug, Ubuntu 13.10 cannot be trusted with the Tor Browser Bundle. Period.

That's why this seemingly simple bug where, only on Ubuntu 13.10, Tor and Firefox are confused by the operating system, is actually a severe usability bug.

To reproduce, first simply install the Tor Browser Bundle on Ubuntu 13.10, following published instructions.
Note that the Tor Browser Bundle is NOT in the repositories (AFAIK) so you'll need to get it off the default Tor web site.
I installed the 64-bit Tor on Ubuntu 13.10, but, the problem appears to be the same on 32-bit Ubuntu 13.10.

Then, once you have installed the Tor Browser Bundle using the standard method published on the Tor web site, launch both Tor and Firefox any way you like on Ubuntu 13.10.

You'll immediately find out that, by default, the (secure) Tor icon is inexplicably confused with the (insecure) Firefox.
That is, the launcher for Tor will not exist; so if you open a (secure) Tor browser and an (insecure) Firefox browser, you have to constantly click on the (insecure) Firefox launcher, and then carefully scrutinize the similar-looking windows (sometimes having to go as far as Help->About) in order to determine WHICH browser you're actually running.

One mistake (which is inevitable), and you're dead.
Note: On all other operating systems, the Tor Browser Bundle shows up as a DIFFERENT browser than the (insecure) Firefox, so there are vastly fewer chances for an inadvertent mistake.

To make matters worse, only on Ubuntu 13.10 (and not on all other operating systems tested), the Vidalia Control Panel (which comes standard with the Tor Browser Bundle) also doesn't show up after installing the Tor Browser Bundle as per the instructions on the Tor web site.

This means that all the control settings of Vidalia are NOT AVAILABLE to the user on Ubuntu, further potentially compromising the Ubuntu 13.10 users.

On the Ubuntu forums, there are long threads on how to partially work around these severe usability bugs, but, nobody yet has proposed a solution that actually works. All you can do so far is PARTIALLY disengage the (insecure) Firefox from the (secure) Tor Browser Bundle - but you still can't get Vidalia to come up, even with the proposed workarounds.

For INSTRUCTIONS on how to install the Tor Browser Bundle (English) on Ubuntu 13.10, simply go here:
https://www.torproject.org/projects/torbrowser.html.en
There is no sense reproducing those instructions here because they are standard for all Linux operating systems.

Once you install the Tor Browser Bundle, the problems I've described above will show themselves instantly, the moment you launch both an (insecure) Firefox browser and a (secure) Tor browser.

When this bug is fixed, I'd expect:

  1. When you install the Tor Browser Bundle on Ubuntu, a SEPARATE launcher for the (secure) Tor browser will result
  2. Also, a SEPARATE control panel for Vidalia will be available to the user.
  3. It would be expected that the (insecure) Firefox launcher will be unaffected.

Change History (8)

comment:1 Changed 5 years ago by damico

Here is what the Canonical Ubuntu team asked me to do (which is why I filed this bug just now):

Quinn Balazs (qbalazs) wrote on 2014-01-24: #3

This sounds like an issue in the browser's behavior, rather than with Unity or Ubuntu. Please report this in TOR's bug tracker (track.torproject.org) and if they instruct you to report it here, open a new ticket here.

comment:2 Changed 5 years ago by arma

Component: - Select a component → Tor bundles/installation
Owner: set to erinn
Priority: major → normal

You mention Vidalia several times -- are you using Tor Browser Bundle 3.5, or something older?

comment:3 Changed 5 years ago by damico

> You mention Vidalia several times --
> are you using Tor Browser Bundle 3.5, or something older?

I'm using the absolute latest 64-bit Linux Tor Browser Bundle on Ubuntu 13.10.
The tarball came from the standard Tor Browser Bundle download page.
The tarball was named: tor-browser-linux64-3.5_en-US.tar.xz
The same problem showed up with the previous tarball:
That tarball was named: tor-browser-gnu-linux-x86_64-2.3.25-16-dev-en-US.tar.gz
And, it occurred with the previous tarball to that one:
That previous tarball was named: tor-browser-gnu-linux-x86_64-2.3.25-14-dev-en-US.tar.gz
(I know this because I saved all the tarballs when I installed them.)

When I select the current TBB Help->About Tor Browser, it reports Firefox ESR 24.2.0.

I have been using Tor for years, so, maybe I am mixing up the terms, when I use the word "Vidalia". What I mean is the "Vidalia Control Panel", which, I used to see on Linux and Windows (but checking right now, I don't see the icon for it anymore).

So, while I'm confused about whether Vidalia still exists, the problem is that the Tor Browser Bundle is all mixed up with the Firefox launchers in Ubuntu. Personally, this seems like an Ubuntu problem, but, they said it's a Tor Browser Bundle problem, so that's why I'm here.

Here is a quick test:

  1. Take any Ubuntu 13.10 system using the default Unity desktop.
  2. Install Firefox (if it hasn't already been installed) & pin the icon to the desktop.
  3. Unpack the TBB (if not already unpacked) and run Tor & try to pin the icon to the desktop.

You'll probably fail to pin the icon to the desktop; but don't worry about that as that's a secondary issue.

Now run Firefox a few times.
Run the Tor Browser Bundle.

Then, iconify all the Firefox windows, and iconify the Tor Browser Bundle window.
Notice that you can't tell which is which.

Right click on the Firefox icon in the Unity launcher, and all the windows show up equally. The only way to tell is to SCRUTINIZE them very carefully, since they're all mixed up.

Essentially, there is no difference between the Firefox launcher and the Tor launcher.
For more details, see this Ubuntu Forum thread which agrees with that assessment:
Thread: Privacy threat due to 2 out-of-the-box bugs in ubuntu 13.10 Unity Tor Browser
http://ubuntuforums.org/showthread.php?t=2200951

comment:4 Changed 5 years ago by gk

Cc: gk added

comment:5 Changed 5 years ago by poncho

the same happens with gnome-shell

one solution would be to pass
--with-app-name=torbrowser
--with-app-basename=torbrowser
when building firefox/torbrowser

although I don't know what the privacy/fingerprinting implications might be...

comment:6 Changed 5 years ago by cypherpunks

Take a look at the fix from #11102: no recompiling needed, just a small change to the startup script.

comment:7 Changed 5 years ago by erinn

Keywords: needs-triage added

comment:8 Changed 4 years ago by cypherpunks

Resolution: fixed
Status: new → closed

Vidalia is deprecated.
Closing, please create new ticket if it's an issue for latest TorBrowser.
