Opened 19 months ago

Last modified 6 months ago

#24310 new enhancement

Consider encrypted bookmarks addon for storing onions on the browser

Reported by: asn
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: new-addon
Cc: antonela, mcs, tom, phw, dmr, arthuredelstein, intrigeri
Actual Points:
Parent ID:
Points: 6
Reviewer:
Sponsor:

Description (last modified by asn)

Onion addresses are hard to remember and with prop224 they are even harder, yada yada.

One technique that people are using to remember their onions is local browser bookmarks. That's a pretty secure way to do it actually, with the biggest drawback being that the bookmarks are stored long-term on your computer, which is a problem if your computer gets compromised.

One way to improve the situation would be to be able to encrypt your bookmarks (a bit like a password manager) so that attackers without your password are not able to retrieve your list of onions.

Some extra features that would be cool to have:

  • Some sort of deniability where attackers are not able to see if you have any stored bookmarks if they don't know your password.
  • Extra storage for client authorization credential for those onions.
  • Even better, this wouldn't be a separate addon, but just an enhancement over the current bookmark system of Firefox, so that people don't need to understand two UXs.

I'm not sure if there is already an addon that does what we want to do here, but perhaps we could find something.

Change History (17)

comment:1 Changed 19 months ago by asn

Description: modified

comment:2 Changed 19 months ago by mcs

Cc: mcs added

It looks like AMO includes some add-ons that try to do something similar, e.g., https://addons.mozilla.org/en-US/firefox/addon/webext-private-bookmarks/

comment:3 Changed 19 months ago by tom

Does Firefox's Master Password feature encrypt bookmarks?

Also, could you talk more about client authorization credentials for .onions? How are those provided today (For some reason I thought you had to edit torrc) via Tor Browser?

comment:4 Changed 19 months ago by tom

Cc: tom added

comment:5 Changed 19 months ago by phw

Cc: phw added

comment:6 in reply to:  3 Changed 19 months ago by asn

Replying to tom:

> Does Firefox's Master Password feature encrypt bookmarks?

Did some digging online and this doesn't seem to be the case. Seems to protect usernames and passwords only.

> Also, could you talk more about client authorization credentials for .onions? How are those provided today (For some reason I thought you had to edit torrc) via Tor Browser?

Yep, you need to edit the torrc, there is no way to do it through Tor Browser yet. Tickets #14389 and #19757 are related to this.

In theory we could have the "Tor bookmark" system keep client auth creds for various onions and use them when those onions are visited.

HSv2 client auth creds look like this:

HidServAuth tkwk5o5n4eud3vwd.onion rJcrR/ZbCMDdJqTImOBvxB basic1

HSv3 client auth hasn't been implemented yet but it might look like this.

Last edited 19 months ago by asn
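
A sketch of the "encrypt your bookmarks like a password manager" idea from the description, with an entry that also carries the client auth line quoted in comment 6. This is an added example, not part of the ticket or any Tor Browser code; the field names, scrypt parameters and the fixed 4 KiB padding are assumptions, and the padding hides only how many entries exist, not that a vault file exists.

```javascript
// Added example (not Tor Browser code): password-encrypted bookmark vault.
const nodeCrypto = require("node:crypto");

const PLAINTEXT_SIZE = 4096; // assumption: fixed size so length does not leak entry count
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Constructed sample entry; the HidServAuth line is the one quoted in comment 6.
const SAMPLE = [{
  title: "example onion",
  onion: "tkwk5o5n4eud3vwd.onion",
  clientAuth: "HidServAuth tkwk5o5n4eud3vwd.onion rJcrR/ZbCMDdJqTImOBvxB basic1",
}];

function sealVault(password, entries) {
  const json = Buffer.from(JSON.stringify(entries), "utf8");
  if (json.length > PLAINTEXT_SIZE - 4) throw new Error("vault full");
  // Layout before encryption: 4-byte length, JSON, zero padding up to PLAINTEXT_SIZE.
  const padded = Buffer.alloc(PLAINTEXT_SIZE);
  padded.writeUInt32BE(json.length, 0);
  json.copy(padded, 4);
  const salt = nodeCrypto.randomBytes(16);  // fresh per save
  const nonce = nodeCrypto.randomBytes(12); // fresh per save, never reused with a key
  const key = nodeCrypto.scryptSync(password, salt, 32, SCRYPT);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  const ct = Buffer.concat([cipher.update(padded), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), ct]);
}

// Returns the entries, or null when the password is wrong or the blob was modified.
function openVault(password, blob) {
  const salt = blob.subarray(0, 16);
  const nonce = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const key = nodeCrypto.scryptSync(password, salt, 32, SCRYPT);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, nonce);
  decipher.setAuthTag(tag);
  try {
    const padded = Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]);
    const len = padded.readUInt32BE(0);
    return JSON.parse(padded.subarray(4, 4 + len).toString("utf8"));
  } catch (err) {
    return null; // authentication failed: wrong password or tampered blob
  }
}
```

An empty vault and a populated one produce blobs of identical length, so an attacker without the password cannot count stored onions from the file size.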

comment:7 Changed 19 months ago by asn

Side-note, a person from tor-dev said that they worked on a project like this. Perhaps code or ideas or icons might be reusable.

comment:8 Changed 15 months ago by antonela

Cc: antonela added

comment:9 Changed 14 months ago by dmr

Cc: dmr added
Keywords: tor-hs added

comment:10 Changed 14 months ago by arthuredelstein

Keywords: arthuredelstein added

comment:11 Changed 14 months ago by cypherpunks

Parent ID: #25955

comment:12 Changed 14 months ago by dgoulet

Parent ID: #25955

This is Tor Browser specific. In rare cases we should link them to Core Tor/Tor component but the TBB team should decide that.

Unparenting. Nothing to do with v2 deprecation.

comment:13 Changed 14 months ago by arthuredelstein

Cc: arthuredelstein added
Keywords: arthuredelstein removed

comment:14 Changed 8 months ago by intrigeri

Cc: intrigeri added

comment:15 in reply to:  description Changed 8 months ago by intrigeri

Replying to asn:

> One technique that people are using to remember their onions is local browser bookmarks. That's a pretty secure way to do it actually, with the biggest drawback being that the bookmarks are stored long-term on your computer, which is a problem if your computer gets compromised.

On https://trac.torproject.org/projects/tor/wiki/org/meetings/2018MexicoCity/Notes/TBBMeetingDays I've seen "Secure Bookmarks" mentioned. I'm not sure if this is the right place to discuss this, feel free to redirect me if it's not :) Here's a dump of my thoughts on this topic.

First, in Tails bookmarks are the most popular persistence feature among those we offer (bookmarks, network connections, additional software, printers, Thunderbird, GnuPG, Bitcoin client, Pidgin, SSH). This was computed from the bug reports we receive so it's a small data set (~100 reports/month), but at least that's data.

Second, without bookmarks support at all (be they "secure" or the default Firefox feature, which we disable because of the disk avoidance design goal), here's what users are likely to do:

  • save the URLs they need in an unencrypted text file: not more secure than using the default bookmarks mechanism provided by Firefox (except perhaps Firefox stores the last time when a bookmark was visited? in which case it would count as browsing history, which is another matter)
  • use a search engine, a wiki, or something like that to discover the hard-to-remember URL every time they need it, i.e. trust a third-party web service to point them to the correct URL; this approach does resist better to computer compromise but it also puts user's credentials at risk every time they access the hard-to-remember URL. Depending on the threat model, either can be safer.

I have no data to show how aware users are of the risks of either approach and I won't try to guess.

So to me it's not obvious that we're doing our users a service by disabling bookmarks and I would even argue that enabling the default Firefox bookmarks feature would not be worse than the current state of things. Now, if we get something even better, i.e. "Secure Bookmarks", that'll be awesome!

comment:16 Changed 8 months ago by asn

Thanks for the feedback intri. Here is also a research paper showing that about 52% of Tor users from a survey were also using the bookmark system, whereas 9% of people did not use bookmarks because they left a trace: https://arxiv.org/pdf/1806.11278.pdf

comment:17 Changed 6 months ago by reportUrl

Keywords: new-addon added; prop224 tbb network-need tor-hs removed