Opened 10 years ago

Closed 10 years ago

#1235 closed defect (fixed)

TorButton message is confusing and scary

Reported by: adam Owned by:
Priority: High Milestone:
Component: Applications/Torbutton Version:
Severity: Keywords:
Cc: adam, mikeperry Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by mikeperry)

The Torbutton error "Torbutton blocked changed-state history manipulation. This is to work around af
irefox security bug.

Hit enter in the location box or opena new window or tab instead." is scary and confusing.

Suggested replacement:

"Torbutton blocked changed-state history manipulation to protect your privacy. If you have windows or tabs which are suddenly empty, try hitting return in the address bar to restore the content.
For more information, right-click on Torbutton in the status bar and select "Change state bug info."

[Automatically added by flyspray2trac: Operating System: All]

Child Tickets

Attachments (1)

torbutton-1.2.5pre4.xpi (422.3 KB) - added by mikeperry 10 years ago.

Download all attachments as: .zip

Change History (5)

comment:1 Changed 10 years ago by mikeperry

Hrmm, the problem is that this is suggesting the user undertake behaviour that will compromise their privacy.

Those windows are now empty because the browser is in a different Tor state and they tried to reload themselves

(in the malicious case, this would lead the user to fall victim to an exploit attempting to de-anonymize them).

The ideal message would inform the user to switch back into the proper tor mode for auto reloads, or to hit enter
in the url bar if they had hit reload themselves..

comment:2 Changed 10 years ago by adam

How about:

"If windows or tabs are suddenly empty, TorButton is preventing correlation attacks. Switch back into the Tor mode you were using when you last saw the content, and reload it. You should close the tab before switching again."

comment:3 Changed 10 years ago by mikeperry

Message is now:

"Torbutton blocked activity from a tab loaded in a different Tor state.

This is to work around Firefox Bugs 409737 and 417869.

If this popup seemed to happen for no reason, one of your tabs is attempting to reload itself in the background, and this was blocked.

To reload the tab in this Tor state, hit 'enter' in the URL location box."

You can try it in the torbutton-1.2.5pre4.xpi in the attachments tab here. Let me know what you think.

Changed 10 years ago by mikeperry

Attachment: torbutton-1.2.5pre4.xpi added

comment:4 Changed 10 years ago by mikeperry

Description: modified (diff)
Resolution: Nonefixed
Status: newclosed

Fixed in 1.2.5.

Note: See TracTickets for help on using tickets.