Trac issueshttps://gitlab.torproject.org/legacy/trac/-/issues2020-06-15T23:44:13Zhttps://gitlab.torproject.org/legacy/trac/-/issues/22396What does "never for this site" for the canvas warning really mean?2020-06-15T23:44:13ZRoger DingledineWhat does "never for this site" for the canvas warning really mean?When I get an html5 canvas warning in Tor Browser, it suggests that I pick "never for this site".
To me, the word "never" implies that Tor Browser is writing down my answer, and it will use that answer forever after. Like the "permanent...When I get an html5 canvas warning in Tor Browser, it suggests that I pick "never for this site".
To me, the word "never" implies that Tor Browser is writing down my answer, and it will use that answer forever after. Like the "permanent exceptions" for SSL certs.
On the other hand, my understanding of Tor Browser behavior is that it wouldn't write it to disk, so my choice would be lost on the next browser reset or new identity click.
There's a contradiction here. I'm assuming the second one is right. Is there a better phrase we can use than "never"?https://gitlab.torproject.org/legacy/trac/-/issues/23721Put a banner when detecting old versions of the Tor Browser on the website ad...2020-06-13T17:11:53ZcypherpunksPut a banner when detecting old versions of the Tor Browser on the website advising to updateThis is in the same spirit that Mozilla does, for example: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/
```
Your Firefox is out-of-date.
Get the most recent version to keep browsing securely.
Update Firefox
```This is in the same spirit that Mozilla does, for example: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/
```
Your Firefox is out-of-date.
Get the most recent version to keep browsing securely.
Update Firefox
```website redesignHiroHirohttps://gitlab.torproject.org/legacy/trac/-/issues/30032Add warning or disable adding additional extensions2020-06-16T01:02:13ZWilliam BudingtonAdd warning or disable adding additional extensionsA few users of the Tor Browser have reached out to the EFF extension developers team wanting help with Privacy Badger. As we've explained in the past[1], installing Privacy Badger within Tor Browser can seriously impede the anonymity gu...A few users of the Tor Browser have reached out to the EFF extension developers team wanting help with Privacy Badger. As we've explained in the past[1], installing Privacy Badger within Tor Browser can seriously impede the anonymity guarantees of TB. Even extensions which under normal circumstances in mainline Firefox would increase privacy can be harmful in the TB context - for instance, canvas hash randomizers can move the browser from the relatively large anonymity pool of "TB users on Linux" to the much smaller pool of "TB users on Linux who have a canvas randomizer", since the fact that your canvas is randomized is able to be determined by any remote site. Users of TB are more likely to be power users and install additional addons as well.
Currently, installing an extension in TB is as easy as doing the same in Firefox. We should either disable the ability to install additional extensions or add a highly eye-catching warning alerting users to the fact that extensions, even ones that are privacy-oriented, can be harmful to anonymity.
1. https://tor.stackexchange.com/questions/15653/why-does-tor-not-pre-include-privacy-badger-or-disconnect-add-ons