Opened 4 years ago

Last modified 4 years ago

#17432 new defect

(.onion) Bookmarks and Data Forensics

Reported by: mrphs
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: UX
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

When you need to visit a specific .onion repeatedly, you mainly have two options:

  1. Bookmark it
  2. Write it down on a piece of paper

(As you might have guessed, no one goes for the second option, so let's talk about the first one.)

Bookmarks are currently being stored in the clear on disk.

Scenario: A person gets arrested by [put-your-fav-adversary-here] with Tor Browser installed on their computer. So far so good. We've a big range of users... plausible deniability and all that. Until... they find a link to, say, a whistle-blowing platform bookmarked on their Tor Browser.

How do we want to deal with this issue?

Should we show the user a warning message when they're bookmarking an .onion address, like the one we do when they try to download something, and advise them not to bookmark any sensitive address?

Should we somehow encrypt their bookmarks with a password or something? (Tails style)

Should we give them an option to plug in a (possibly encrypted) external storage like a USB stick and never save the bookmark on the primary disk?

Bookmarks are one of the most effective tools users have to defeat phishing attacks.

How do we communicate danger to users?
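
An added example, not part of the original ticket or of Tor Browser's code: a Python self-audit showing what "stored in clear" means in practice. It assumes the Firefox profile layout, where bookmarks live in the profile's places.sqlite SQLite file (tables moz_bookmarks and moz_places); the sample database, its reduced schema and its .onion hostnames are constructed placeholders.

```python
import sqlite3
from urllib.parse import urlsplit

def open_profile(path):
    """Open a real places.sqlite read-only (close the browser first)."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def build_sample_places():
    """Constructed stand-in for places.sqlite, reduced to the columns used."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
        CREATE TABLE moz_bookmarks (id INTEGER PRIMARY KEY, type INTEGER,
                                    fk INTEGER, title TEXT);
    """)
    db.executemany("INSERT INTO moz_places VALUES (?, ?, ?)", [
        (1, "http://exampleonionaddressplaceholder.onion/submit", "Submit"),
        (2, "https://www.example.com/", "Example"),
        (3, "http://anotherplaceholder.onion/", "In places, not bookmarked"),
    ])
    db.executemany("INSERT INTO moz_bookmarks VALUES (?, ?, ?, ?)", [
        (10, 2, None, "toolbar"),   # type 2 = folder, no URL attached
        (11, 1, 1, "Tip line"),     # type 1 = bookmark, fk -> moz_places.id
        (12, 1, 2, "Example"),
    ])
    return db

def onion_bookmarks(db):
    """Return (title, host) for every bookmark pointing at a .onion host."""
    rows = db.execute(
        "SELECT b.title, p.url FROM moz_bookmarks b "
        "JOIN moz_places p ON p.id = b.fk "
        "WHERE b.type = 1 ORDER BY b.id")
    found = []
    for title, url in rows:
        host = (urlsplit(url).hostname or "").lower()
        if host.endswith(".onion"):
            found.append((title, host))
    return found

if __name__ == "__main__":
    # No key or password is involved: anyone with the file can run this query.
    for title, host in onion_bookmarks(build_sample_places()):
        print(f"plaintext bookmark: {title!r} -> {host}")
```
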

Change History (3)

comment:1 Changed 4 years ago by mrphs

Summary: Bookmarks and Data Forensics → (.onion) Bookmarks and Data Forensics

comment:2 Changed 4 years ago by yawning

So, defense in depth is a good thing, but isn't this the sort of thing that Full Disk Encryption is for?

> Should we show the user a warning message when they're bookmarking an .onion address, like the one we do when they try to download something, and advise them not to bookmark any sensitive address?

Is probably the least effort for arguably the most gain, since this is fundamentally a user education problem. It would be nice if we had a nice user manual to point people at where this sort of issue (among other things) can be addressed in the depth it deserves.

> Should we somehow encrypt their bookmarks with a password or something? (Tails style)

Maybe. This at least would be portable. It should be optional for people that don't require such things (e.g. they only use Tor Browser for the circumvention aspect, say to look at spacebook from work).

> Should we give them an option to plug in a (possibly encrypted) external storage like a USB stick and never save the bookmark on the primary disk?

I'm not sure if the existing Firefox code has a "please insert media now". If it doesn't exist, this will be painful to write, and people still need to encrypt the USB stick somehow (I will assume that the bad guys will be thorough and seize every bit of technology when they nab our hypothetical user).

It would be good to figure this sort of thing out before Prop. 224 HSes become the norm, since the Ed25519-based Onion Addresses are even more of a UX disaster to work with.

comment:3 Changed 4 years ago by cypherpunks

Add-on that encrypts bookmarks + browser history: https://addons.mozilla.org/en-US/firefox/addon/link-password/