TorBrowser connects over clearnet after activation of 'hidden' torbutton option
Tested on Linux x86_64, latest TorBrowser version 3.53
Steps to reproduce problem:
- Open TorBrowser and connect normally
- Click the Torbutton, this opens the drop down list containing "New Identity, Cookie Protections, ..."
- Press down key on keyboard once highlights 'New Identity'
- Press down key again and the highlighting disappears (highlighting hidden 'disable torbutton' option)
- Press enter
This makes TB connect over the clearnet and reveal true IP address (checked using check.torproject.org, and yes it is my real IP). No warning or confirmation box appears and this could easily be done accidentally. This setting persists over New Identity and closing and reopening TB completely, and it is not obvious at all to the user how to switch Tor back on.
This is particularly dangerous because opportunities to warn the user are missed:
- The about:tor page remains green even after clicking New Identity (although it does switch to its "Something Went Wrong!" form after fully closing and reopening TB).
- The 'Proxy Settings' page (Torbutton -> Preferences) is unchanged and indicates the browser is using Tor's recommended proxy settings
- The 'Test Proxy' button on the Proxy Settings page button confirms that the Tor proxy is working properly
The only indicator to the user that they have been deanonymized is the torbutton changes from green to red, which is easily missed.
Furthermore, for people who do not allow TB access to the Tor ControlPort* this button is red anyway and there is no indication whatsoever that you are deanonymized.
This hidden option needs to be properly disabled or (like me!) you could be deanonymized for days without knowing.
*i.e. connecting TB to a separate Tor process / transparently routing TB traffic / using Tor router or Tor on a different [virtual] machine
[Note to re-enable Tor proxy just repeat the steps above. Also the 'Restore Defaults' button on the TorButton Preferences page appears to fix it too]