Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Trac
Trac
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Create a new issue
  • Issue Boards

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • Legacy
  • TracTrac
  • Issues
  • #30032

Closed (moved)
Open
Opened Apr 05, 2019 by William Budington@legind

Add warning or disable adding additional extensions

A few users of the Tor Browser have reached out to the EFF extension developers team wanting help with Privacy Badger. As we've explained in the past[1], installing Privacy Badger within Tor Browser can seriously impede the anonymity guarantees of TB. Even extensions which under normal circumstances in mainline Firefox would increase privacy can be harmful in the TB context - for instance, canvas hash randomizers can move the browser from the relatively large anonymity pool of "TB users on Linux" to the much smaller pool of "TB users on Linux who have a canvas randomizer", since the fact that your canvas is randomized is able to be determined by any remote site. Users of TB are more likely to be power users and install additional addons as well.

Currently, installing an extension in TB is as easy as doing the same in Firefox. We should either disable the ability to install additional extensions or add a highly eye-catching warning alerting users to the fact that extensions, even ones that are privacy-oriented, can be harmful to anonymity.

  1. https://tor.stackexchange.com/questions/15653/why-does-tor-not-pre-include-privacy-badger-or-disconnect-add-ons
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: legacy/trac#30032