Opened 4 years ago

Last modified 3 years ago

#21983 new defect

Should we do more to discourage custom prefs and nonstandard addons?

Reported by: arthuredelstein
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: tbb-usability, tbb-security
Cc: yawning, brade, mcs
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:


We make some effort to discourage users from setting nonstandard prefs in Tor Browser, or installing 3rd-party extensions/plugins. But maybe we can do more? For example, should we pop up a warning about deanonymization when users first attempt to modify a pref or install an addon? And if users click past that warning, should we periodically pop up warnings in the future to let users know they have nonstandard prefs or a nonstandard addon installed?

Change History (7)

comment:1 Changed 4 years ago by yawning

Cc: yawning added


For what it's worth, sandboxed-tor-browser uses a read-only extensions directory, unless the user explicitly configures it read/write. It doesn't do anything with prefs, beyond locking certain prefs.

In general my feeling is that if people want to reduce their anonymity set/get owned because they decided to install random addons or set placebo tinfoil hat prefs they copy-pasted off some blog/forum/whatever, they should be free to.

I think a different question is, should we have something equivalent to /proc/sys/kernel/tainted so it's blatantly obvious that they voided their (non-existent) warranty when something breaks.

comment:2 Changed 4 years ago by arma

Maybe the about:tor homepage is a good place to notify users of their non-standardness and why it's scary?

comment:3 in reply to:  2 Changed 4 years ago by yawning

Replying to arma:

> Maybe the about:tor homepage is a good place to notify users of their non-standardness and why it's scary?

about:support has Important Modified Preferences, which could probably be tailored for this sort of application.

On a related note, insert rant about how going back to stock standard everything requires re-installing the entire browser, instead of just obliterating the profile directory here.

comment:4 Changed 4 years ago by cypherpunks

Warning that it changes your fingerprint, linkability, etc. would be good.

comment:5 Changed 4 years ago by mcs

Cc: brade mcs added

comment:6 Changed 3 years ago by cypherpunks

I frequently see misguided "guides" which tell people to change their preferences, and I have argued for hours with people who believe the same. Various silly things are suggested such as disabling referers, randomizing user agent, changing CSS behavior, messing with codec or font support, and more. I would like to see a big fat warning on each start of Tor Browser when the prefs are modified, but only if there is a way to silence it (such as through a scary sounding preference that can be manually added). This way, the few people who have genuine reasons to change the prefs, and fully understand which result in security or fingerprinting risks will be able to use the browser without annoyances.

Perhaps it could be implemented with that small drop-down information bar which is also used for browser maximization warnings.
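
The `/proc/sys/kernel/tainted`-style flag from comment:1 and the modified-prefs check behind the startup warning in comment:6, sketched as an added example that is not part of the ticket or of Tor Browser's code. The taint bit assignments, the baseline values and the extension ids are assumptions constructed for illustration; only the `user_pref("name", value);` line format of `prefs.js` is taken from Firefox.

```python
import re

# Taint bits, modelled on the bitmask in /proc/sys/kernel/tainted.
# The bit assignments are hypothetical, chosen for this example.
TAINT_PREF = 1 << 0    # a watched pref differs from the baseline
TAINT_ADDON = 1 << 1   # an extension outside the bundled set is installed

# prefs.js stores one user_pref("name", value); call per line.
USER_PREF = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

def parse_prefs(text):
    """Return {pref name: raw value text} for every user_pref line."""
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs

def taint(prefs_text, installed, baseline, bundled):
    """Return (flags, modified pref names, unexpected extension ids).

    baseline maps a watched pref to its expected raw value; None means
    the pref must not be set by the user at all.
    """
    prefs = parse_prefs(prefs_text)
    modified = sorted(n for n, v in prefs.items()
                      if n in baseline and v != baseline[n])
    extra = sorted(set(installed) - set(bundled))
    flags = (TAINT_PREF if modified else 0) | (TAINT_ADDON if extra else 0)
    return flags, modified, extra

# Constructed sample data: not Tor Browser's real baseline or extension ids.
BASELINE = {
    "privacy.resistFingerprinting": "true",
    "network.http.sendRefererHeader": "2",
    "general.useragent.override": None,
}
BUNDLED = {"bundled-a@example.invalid"}
SAMPLE_PREFS = '''
user_pref("browser.startup.homepage_override.mstone", "ignore");
user_pref("general.useragent.override", "Mozilla/5.0 (constructed)");
user_pref("network.http.sendRefererHeader", 0);
user_pref("privacy.resistFingerprinting", true);
'''

if __name__ == "__main__":
    print(taint(SAMPLE_PREFS, ["bundled-a@example.invalid",
                               "random-toolbar@example.invalid"],
                BASELINE, BUNDLED))
```

Prefs outside the baseline are ignored on purpose, because the browser itself writes state into `prefs.js` and flagging every entry would make the warning fire on a stock profile.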
