Opened 3 months ago

Last modified 3 months ago

#30032 new defect

Add warning or disable adding additional extensions

Reported by: legind
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: ux-team
Cc: gk
Actual Points:
Parent ID: #30037
Points:
Reviewer:
Sponsor:

Description

A few users of the Tor Browser have reached out to the EFF extension developers team wanting help with Privacy Badger. As we've explained in the past[1], installing Privacy Badger within Tor Browser can seriously impede the anonymity guarantees of TB. Even extensions which under normal circumstances in mainline Firefox would increase privacy can be harmful in the TB context - for instance, canvas hash randomizers can move the browser from the relatively large anonymity pool of "TB users on Linux" to the much smaller pool of "TB users on Linux who have a canvas randomizer", since the fact that your canvas is randomized is able to be determined by any remote site. Users of TB are more likely to be power users and install additional addons as well.

Currently, installing an extension in TB is as easy as doing the same in Firefox. We should either disable the ability to install additional extensions or add a highly eye-catching warning alerting users to the fact that extensions, even ones that are privacy-oriented, can be harmful to anonymity.

  1. https://tor.stackexchange.com/questions/15653/why-does-tor-not-pre-include-privacy-badger-or-disconnect-add-ons

Change History (4)

comment:1 Changed 3 months ago by gk

Keywords: ux-team added

Disabling installing additional extensions is not going to fly, in particular as we want to make Tor Browser support virtually any use case, just like one would expect from any other browser as well.

But I am fine trying to come up with a "highly eye-catching warning".

comment:2 Changed 3 months ago by pili

Parent ID: #30037

comment:3 Changed 3 months ago by cypherpunks

Just wanted to write from a user's perspective, the only addon I used with Tor Browser was DownThemAll as it made downloading multiple files much easier. At the moment I'm trying "Simple mass downloader" since DownThemAll isn't compatible with the new Firefox.

Can Tor try to proactively fix anonymity or security related issues from addons that are most likely to be installed on Tor Browser? It may require some research to figure that out. My guess is download managers/helpers and adblockers would be among the most popular.

From my experience, Simple mass downloader seems to record file links in the browser history and they are not removed with new identity or browser restarts.

comment:4 in reply to: 3 Changed 3 months ago by gk

Replying to cypherpunks:

> Just wanted to write from a user's perspective, the only addon I used with Tor Browser was DownThemAll as it made downloading multiple files much easier. At the moment I'm trying "Simple mass downloader" since DownThemAll isn't compatible with the new Firefox.
>
> Can Tor try to proactively fix anonymity or security related issues from addons that are most likely to be installed on Tor Browser? It may require some research to figure that out. My guess is download managers/helpers and adblockers would be among the most popular.

No, that's not feasible. And, frankly, we should not be in the business of evaluating all sorts of combinations of installed extensions at all and what that means for user anonymity. Oh, and even if we could do that once at a specific point in time that would not be enough. We'd need to monitor that over time for all (most popular) extensions.