Version 9 (modified by karsten, 6 years ago) (diff)

Name changed from ImportantGoogleChromeBugs to doc/ImportantGoogleChromeBugs

Important Google Chrome Bugs

It would be great if the Tor Project could create a Chrome extension to upgrade Google Chrome's Incognito Mode into a full privacy mode that protects against all network adversaries, giving Chrome users real privacy-by-design if and when they want it.

However, we still have a few important issues to tackle before even low-grade privacy-by-design can be provided through Tor in Incognito mode. This page exists to track those issues by referencing relevant items in the Chromium bug tracker.

The following groups of bugs are ordered from most important to least.

Proxy Bypass Bugs

First and foremost, there are a few bugs that allow direct bypass of the Incognito mode proxy settings. Without fixes for these bugs, there is little point in attempting a Tor extension at all, since the user's real IP can be revealed in typical use cases, even without any actual exploit attempt.

Browser State Leak Bugs

After issues that allow direct proxy bypass, there are still a number of ways that browser state can cross between Incognito mode and regular browsing. While these bugs aren't absolute barriers to writing the extension, they are a huge concern for us. There are also even some ways that Incognito browsing activity can be written to disk as a result of these bugs.

UI barriers

Fingerprinting Bugs

These bugs are related to addressing fingerprinting issues. Solutions to fingerprinting are still more art than science at this point. What we need are flexible APIs to allow us to prototype potential solutions. These issues are not blockers, but are things we would strive to have before Chrome could become the recommended tor browser.

Blue-sky API wishlist

The plugin sanboxing support can potentially allow us to write a more restricted sandbox that we deem will allow Flash and other plugins to be safe enough to use in the mode. There is no bug for it yet, but it would build on this one: