Opened 5 years ago

Last modified 2 weeks ago

#10760 new defect

Integrate TorButton to TorBrowser core to prevent users from disabling it

Reported by: Rezonansowy Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: AffectsTails, tbb-parity, TorBrowserTeam201904, GeorgKoppen201904
Cc: yawning, boklm, igt0, intrigeri Actual Points:
Parent ID: #24855 Points:
Reviewer: Sponsor:

Description

I mean integration like this with pdf.js addon, which was simply integrated to Firefox core.

Child Tickets

TicketStatusOwnerSummaryComponent
#25013closedtbb-teamMove TorButton code to the tor browser repositoryApplications/Tor Browser
#25856newtbb-teamRemove XUL overlays from TorbuttonApplications/Tor Browser
#27511reopenedtbb-teamAdd New identity button to toolbarApplications/Tor Browser
#28561assignedpospeselrMigrate custom 'About Tor Browser' dialog from torbutton to tor-browser brandingApplications/Tor Browser

Change History (27)

comment:1 Changed 5 years ago by Rezonansowy

Component: - Select a componentTor bundles/installation
Owner: set to erinn

comment:2 Changed 5 years ago by cypherpunks

Some users use the the "core" as a privacy-enhanced Firefox. I use the FF ESR Portable executable launcher to facilitate this.

comment:3 Changed 5 years ago by Rezonansowy

Summary: Iintegrate TorButton and TorLauncher to TorBrowser core to prevent users from disabling themIntegrate TorButton and TorLauncher to TorBrowser core to prevent users from disabling them

comment:4 in reply to:  2 Changed 5 years ago by Rezonansowy

Replying to cypherpunks:

Some users use the the "core" as a privacy-enhanced Firefox. I use the FF ESR Portable executable launcher to facilitate this.

I meant that core is the place where are located integrated addons, which you can't disable in, for example - pdf.js addon.
Allowing users to disable something which even has no description (e.g. TorLauncher) would allow them to completely turn off their privacy by browsing through Tor.

comment:5 Changed 5 years ago by erinn

Keywords: needs-triage added

comment:6 Changed 5 years ago by Rezonansowy

Priority: normalmajor

I think this must be fixed soon, it really makes a big risk to many less experienced users.

comment:7 Changed 4 years ago by cypherpunks

Component: Tor bundles/installationTor Browser
Owner: changed from erinn to tbb-team

comment:8 Changed 3 years ago by nord-stream

Severity: Normal

We can use the directories <app_dir>/browser/extensions or <app_dir>/browser/features to enforce the proper installation of the add-ons.

comment:9 Changed 3 years ago by cypherpunks

Integrate TorButton and TorLauncher to TorBrowser core to prevent users from disabling them

Fuck off. I use TB without Tor to get access to I2P. Sometimes I use TB with plugins disabled when I'm offline.

Last edited 3 years ago by cypherpunks (previous) (diff)

comment:10 Changed 2 years ago by yawning

Cc: yawning added

comment:11 Changed 23 months ago by boklm

Cc: boklm added

comment:12 Changed 14 months ago by gk

Parent ID: #24855

comment:13 Changed 3 months ago by gk

Cc: igt0 added
Keywords: TorBrowserTeam201901 added; needs-triage removed
Summary: Integrate TorButton and TorLauncher to TorBrowser core to prevent users from disabling themIntegrate TorButton to TorBrowser core to prevent users from disabling them

That's the ticket for Torbutton now. The one for Tor Launcher is #28044.

comment:14 Changed 3 months ago by intrigeri

Cc: intrigeri added

comment:15 Changed 3 months ago by intrigeri

Keywords: AffectsTails added

FTR, Tails' "Unsafe Browser" is basically Tor Browser, with Torbutton disabled and a scary homepage. It would be nice if there were still a hidden way for us to disable Torbutton for that browser profile. Otherwise, we'll have to ship binaries for another browser, which will make our ISO and upgrade delta significantly bigger. In order to plan Tails work on this topic, I need to know whether it'll still be possible to disable Torbutton somehow, and if not, I would be very grateful to learn what's the timeline is here, e.g. whether the plan is to ship this change in Tor Browser 8.5. Thanks in advance! Please let me know if you need additional info from me to answer my questions :)

comment:16 in reply to:  15 ; Changed 3 months ago by gk

Replying to intrigeri:

FTR, Tails' "Unsafe Browser" is basically Tor Browser, with Torbutton disabled and a scary homepage. It would be nice if there were still a hidden way for us to disable Torbutton for that browser profile.

I see. I'll keep that in mind and I guess we could make a hidden pref available or something.

Otherwise, we'll have to ship binaries for another browser, which will make our ISO and upgrade delta significantly bigger. In order to plan Tails work on this topic, I need to know whether it'll still be possible to disable Torbutton somehow, and if not, I would be very grateful to learn what's the timeline is here, e.g. whether the plan is to ship this change in Tor Browser 8.5. Thanks in advance! Please let me know if you need additional info from me to answer my questions :)

We didn't plan to have the option of disabling Torbutton. But we can try to make that happen. I doubt we'll have this ready for 8.5. I mean we probably could but I think we should have some more time to test this, in particular as there are downstream projects that might be affected by this. But this should land in alphas definitely way before we start the esr68 transition. So, my current plan is to have this in Tor Browser 9.0a1, which should get out end of March/begin of April.

FWIW: you might be interested in #28044, too.

comment:17 in reply to:  16 ; Changed 3 months ago by intrigeri

Replying to gk:

Replying to intrigeri:

FTR, Tails' "Unsafe Browser" is basically Tor Browser, with Torbutton disabled and a scary homepage. It would be nice if there were still a hidden way for us to disable Torbutton for that browser profile.

I see. I'll keep that in mind and I guess we could make a hidden pref available or something.

Great :)

But this should land in alphas definitely way before we start the esr68 transition. So, my current plan is to have this in Tor Browser 9.0a1, which should get out end of March/begin of April.

Thanks, now tracking this on https://redmine.tails.boum.org/code/issues/16357.

FWIW: you might be interested in #28044, too.

Yep, this one is on our radar (we discussed it in the roadmap thread :)

comment:18 in reply to:  17 ; Changed 3 months ago by gk

Replying to intrigeri:

Replying to gk:

Replying to intrigeri:

FTR, Tails' "Unsafe Browser" is basically Tor Browser, with Torbutton disabled and a scary homepage. It would be nice if there were still a hidden way for us to disable Torbutton for that browser profile.

I see. I'll keep that in mind and I guess we could make a hidden pref available or something.

Great :)

FWIW: integration of the various Torbutton pieces directly into the browser (without having an extension-like thing to disable anymore) might complicate the pref plan but it should still be possible. One thing that would be good to know is whether _all_ Torbutton features should be disabled or just, say, the Tor proxy related ones (I could easily see why the unsecure browser in Tails could have the external helper app warning dialog enabled (which is covered by an own pref anyway) or similar non-proxy features).

comment:19 Changed 3 months ago by gk

Keywords: GeorgKoppen201901 added

comment:20 Changed 3 months ago by gk

Keywords: GeorgKoppen201902 added; GeorgKoppen201901 removed

Moving my tickets to Feb

comment:21 Changed 3 months ago by gk

Keywords: TorBrowserTeam201902 added; TorBrowserTeam201901 removed

Moving tickets to February.

comment:22 in reply to:  18 Changed 2 months ago by intrigeri

Replying to gk:

One thing that would be good to know is whether _all_ Torbutton features should be disabled or just, say, the Tor proxy related ones (I could easily see why the unsecure browser in Tails could have the external helper app warning dialog enabled (which is covered by an own pref anyway) or similar non-proxy features).

Sorry for the delay! I think it's fine for us to have only the proxy features disabled, if this makes things easier for you.

comment:23 Changed 7 weeks ago by gk

Keywords: TorBrowserTeam201903 added; TorBrowserTeam201902 removed

Moving my tickets to March.

comment:24 Changed 7 weeks ago by gk

Keywords: GeorgKoppen201903 added; GeorgKoppen201902 removed

Now for my keyword.

comment:25 Changed 6 weeks ago by gk

Keywords: tbb-parity added
Summary: Integrate TorButton to TorBrowser core to prevent users from disabling themIntegrate TorButton to TorBrowser core to prevent users from disabling it

comment:26 Changed 3 weeks ago by gk

Keywords: TorBrowserTeam201904 added; TorBrowserTeam201903 removed

Moving tickets to April.

comment:27 Changed 2 weeks ago by gk

Keywords: GeorgKoppen201904 added; GeorgKoppen201903 removed

Moving my tickets for April

Note: See TracTickets for help on using tickets.