Opened 11 years ago

Closed 2 years ago

#989 closed enhancement (wontfix)

Proxy-excluded urls should be excluded from Torbutton's manipulations.

Reported by: zed Owned by:
Priority: Low Milestone:
Component: Applications/Torbutton Version: Torbutton: 1.2.1
Severity: Normal Keywords:
Cc: zed, coderman Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by gk)

When Torbutton's state is toggled in Firefox, it locks down page interaction and
forces the user to reload the page manually. This includes urls that have
been excluded from the proxy in Firefox's advanced network configuration

It would be helpful if Torbutton respected proxy-excluded urls and left their
state alone.

[Automatically added by flyspray2trac: Operating System: All]

Child Tickets

Change History (4)

comment:1 Changed 11 years ago by coderman

Relaying IRC commentary into less ephemeral medium:
This is dangerous for at least one reason, probably more. If an exit spoofs DNS or injects identifying links
to a proxy excluded resource they can do "bad things" with a free pass around TorButton. (and bad gets worse
if this white listed site has any CSRF/XSS in it, etc).

For users who are white listing certain resources, transitioning to a tandem regular browser and Tor browser
(with portable Firefox) is much less risky.

To do this right you would almost need a Torbutton per tab type configuration, where a proxy excluded
resource must be loaded in its own distinct tab and non-Tor state. Or maybe there is a more robust and easy
way someone else will come up with :)

comment:2 Changed 10 years ago by erinn

Version: 1.2.1Torbutton: 1.2.1

Updating the version from 1.2.1 to Torbutton: 1.2.1 so I can close #1743.

comment:3 Changed 2 years ago by teor

Cc: zed,codermanzed, coderman
Severity: Normal

Set all open tickets without a severity to "Normal"

comment:4 Changed 2 years ago by gk

Description: modified (diff)
Resolution: Nonewontfix
Status: newclosed

Toggle bugs.

Note: See TracTickets for help on using tickets.