Opened 4 years ago

Last modified 6 months ago

#19119 new enhancement

Repurpose block-malicious-sites-checkbox on TLS error page in Tor Browser

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: network-health, TorBrowserTeam202006
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Right now the checkbox on the neterror page sends a report about an TLS error to Mozilla (containing host, port, timestamp, useragent, update channel, buildid, certificate chain and version of that feature). We might want to repurpose that checkbox as, first, I see no reason why Mozilla should gather data related to a Tor Browser user. Second, this message is highly confusing in our context. Say, an exit node is MITMing a user. Why should the user report that to Mozilla in order to identify and block malicious sites? What is Mozilla supposed to do with that information?

We could think about having an own infrastructure for this that might help detecting bad relays

Child Tickets

Change History (3)

comment:1 Changed 9 months ago by gk

Keywords: network-health added

#32321 deals with Mozilla's MitM check pref. Might be interesting to think about that for ourselves.

comment:2 Changed 9 months ago by sysrqb

Keywords: TorBrowserTeam202002 added

Setting this at some time in the future. I can see us prioritizing this as it could leak onion addresses in self-signed certs (if I'm understanding this error case correctly). The exit-node-mitm situation is an interesting case, and Tor Browser providing a mechanism for people to report this is a neat idea.

comment:3 Changed 6 months ago by sysrqb

Keywords: TorBrowserTeam202006 added; TorBrowserTeam202002 removed

Actually set it for some time in the future.

Note: See TracTickets for help on using tickets.