Opened 8 years ago

Closed 8 years ago

#5300 closed defect (fixed)

TBB shows SSL observatory popup

Reported by: Sebastian
Owned by: erinn
Priority: High
Component: Applications/Tor bundles/installation
Cc: phobos, mikeperry, pde

Description

Getting this popup surprised me a lot, and TBB users will get it by default since the addon upgrades by itself. I don't think too many people know what an EFF is outside the US, not even my computer-savvy friends over here do, and the popup is scary. We should probably pre-configure TBB to not have that popup show up and not transmit certificates to EFF.

What do you think about that?

Change History (5)

comment:1 in reply to: description Changed 8 years ago by arma

Replying to Sebastian:

We should probably pre-configure TBB to not have that popup show up and not transmit certificates to EFF.

Agreed.

(I think there's an argument to be made that Tor's users are well-situated to report cool ssl certificate variations, and help EFF save the world; but the right way to do that is for somebody we know to run a TBB configured to 'yes, report' and do some automated scanning. Not for every TBB user to by default do something they didn't opt in to.)

comment:2 Changed 8 years ago by arma

Cc: pde added; arma removed

comment:3 Changed 8 years ago by pde

At the moment, HTTPS Everywhere 2.x is configured to show the popup once to the user, but only if they have torbutton installed in their browser. Hence the popup that TBB users are seeing. In version 3.x we are planning to show the popup once to all of our users, regardless of torbutton's presence, unless someone convinces us that's a bad idea.

If HTTPS E in TBB shouldn't do that, there are a couple of ways to achieve it. One would be to set the about:config variable "extensions.https_everywhere._observatory.popup_shown" to true. Another would be to disable the code in this stanza.

Overall, I think that as a matter of individual user security (as opposed to the general wellbeing of the Internet's crypto infrastructure, which is a reason to show the popup, or PR with cautious Tor users, which is a reason not to), you could consider leaving the popup there for TBB users.  It will actually warn them about a growing number of MITM attacks and weak key problems.  The design's privacy properties are quite strong when TorButton is present.

mikeperry, what do you think?
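Added example, not code from the ticket or from HTTPS Everywhere: a small checker that parses a Firefox/TBB profile's prefs.js (or user.js) and reports whether the "extensions.https_everywhere._observatory.popup_shown" pref named in comment:3 is set to true, so a bundle maintainer can verify the suppression in a built profile. The constant and function names are my own, and the sample prefs.js text is constructed.

```python
import re
from typing import Dict, Union

# Pref name as quoted in comment:3; the constant name is ours.
POPUP_SHOWN_PREF = "extensions.https_everywhere._observatory.popup_shown"

# One Firefox pref line: user_pref("name", value); or pref("name", value);
_PREF_RE = re.compile(r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\);\s*$')

Value = Union[bool, int, str]


def _parse_value(raw: str) -> Value:
    """Convert the literal on the right-hand side of a pref line to a Python value."""
    if raw == "true":
        return True
    if raw == "false":
        return False
    if raw.startswith('"') and raw.endswith('"'):
        # Undo the backslash escaping Firefox applies when writing prefs.js.
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    return int(raw)  # integers are the only other literal type prefs.js uses


def parse_prefs(text: str) -> Dict[str, Value]:
    """Parse prefs.js / user.js text into a dict; later lines override earlier ones."""
    prefs: Dict[str, Value] = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("//", "/*", "*", "#")):
            continue  # comment lines and the header Firefox writes
        m = _PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = _parse_value(m.group(2))
    return prefs


def popup_suppressed(prefs: Dict[str, Value]) -> bool:
    """True when HTTPS Everywhere will treat the Observatory popup as already shown."""
    return prefs.get(POPUP_SHOWN_PREF) is True


# Constructed sample of a TBB profile's prefs.js (not a real profile dump).
SAMPLE_PREFS = '''// Mozilla User Preferences
/* Do not edit this file. */
user_pref("extensions.https_everywhere._observatory.popup_shown", true);
user_pref("extensions.torbutton.loglevel", 4);
user_pref("browser.startup.homepage", "about:tor");
'''

if __name__ == "__main__":
    print("Observatory popup suppressed:", popup_suppressed(parse_prefs(SAMPLE_PREFS)))
```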

comment:4 Changed 8 years ago by mikeperry

I think the popup is a bit scary looking, and still hard to identify as coming from HTTPS-Everywhere. Perhaps independent of that, I don't think we should display it by default for TBB, because TBB users might not even know what HTTPS-Everywhere is, as they did not install it by choice.

As for turning the feature on by default for TBB, the main blocker for that is that it looks like submission is still going to https://observatory.eff.org. However, Tor Exit Enclaves only really work properly when you use an IP address. This means that users who turn the feature on can be recognized by exits and get fingerprinted or treated differently, because the observatory traffic will often be sent on the same circuit as browsing traffic.

Otherwise, I believe this feature is at worst equivalent to OCSP in terms of privacy risk for our users, and we've had OCSP on for years even though it does nothing for users in terms of security.

comment:5 Changed 8 years ago by erinn

Resolution: fixed
Status: new → closed

Disabled the popup screen in the latest tbb. Closing.
