Opened 7 years ago

Closed 7 years ago

#4064 closed enhancement (duplicate)

Add more privacy-related firefox-addons to the bundles

Reported by: runa
Owned by: erinn
Priority: Medium
Milestone:
Component: Applications/Tor bundles/installation
Version:
Severity:
Keywords:
Cc: mikeperry
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

We got an email from a user who wants us to look into adding the following Firefox addons to the browser bundles:

Certificate Patrol: https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/

RequestPolicy: https://addons.mozilla.org/en-US/firefox/addon/requestpolicy/

Change History (3)

comment:1 Changed 7 years ago by rransom

Cc: mikeperry added
Component: Tor Browser → Tor bundles/installation
Owner: changed from mikeperry to erinn

Adding Certificate Patrol to TBB would be an impressively bad idea -- it would store a log of which HTTPS sites a user has visited in the TBB, and one of TBB's design goals is to prevent that.

Request Policy might be nice (I'd use it, at least for now) for some users, but it would make most TBB users think ‘Tor doesn't work’, and it conflicts with mikeperry's goal of protecting users' privacy without needing to block advertisements.

I'm reassigning this ticket to ‘Tor bundles/installation’, because it's not strictly related to the modified version of Firefox we ship.

comment:2 Changed 7 years ago by phobos

The first question to answer is 'what are we trying to accomplish with these add-ons?'

I use request policy rather than noscript. However, it breaks nearly every website. Using this would require a larger education campaign about what to do with all of these red flag zones on a web page. And really, we should pull it from https://www.requestpolicy.com/ not Mozilla's add-on site.

Certificate Patrol needs lots of work. I find it's better to simply delete all CAs and save individual certs rather than have CertPatrol save it and then warn endlessly about every time a new cert appears.

comment:3 Changed 7 years ago by mikeperry

Resolution: duplicate
Status: new → closed

It's not just that I want to protect ads: I think filters in general are not a viable privacy solution. I will explain my reasoning for this in the design doc (#3812), hence I am dupping this ticket.

Also, yes, cert patrol is crap. Convergence is not ruled out, but needs general peer review + specific tor auditing.