Tor Browser issueshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues2022-11-30T16:35:23Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40978New Identity does not reset NoScript's Temporarily Trusted settings2022-11-30T16:35:23ZTracNew Identity does not reset NoScript's Temporarily Trusted settingsSteps to reproduce:
1. Set any random website to Temporarily Trusted
2. Hit New Identity
3. Go back to the website later on, the temporarily permission to execute JavaScript is still preserved.
This can be solved by closing and re-openi...Steps to reproduce:
1. Set any random website to Temporarily Trusted
2. Hit New Identity
3. Go back to the website later on, the temporarily permission to execute JavaScript is still preserved.
This can be solved by closing and re-opening Tor Browser, however, from my understanding New Identity is supposed to handle that?
**Trac**:
**Username**: YaelSponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40925Improve NoScript and Browser integration2023-11-01T22:18:44ZrichardImprove NoScript and Browser integration- [x] Extract Security Level backend functionality from torbutton and make into separate firefox patch
- [x] Move Security Level UI Patch before the tor-browser split in firefox
- [x] Ensure only depends on strings in the new localizatio...- [x] Extract Security Level backend functionality from torbutton and make into separate firefox patch
- [x] Move Security Level UI Patch before the tor-browser split in firefox
- [x] Ensure only depends on strings in the new localization project (see https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40924 )
---
- [ ] Update browser threat-model doc
- [ ] Determine *what* functionality we want to expose to the user
- [ ] Integrate NoScript as a system extension
- [ ] Build some system for NoSript to trigger 'native' browser UI (modals, etc)
- [ ] Implement w/e ~"UX Team" comes up with
- [ ] Allow about:addons intalled NoScript to override system-extension NoScript and disable w/e custom security features we haveSponsor 131 - Phase 2 - Privacy Browserma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/32225Saving whole web pages broken on "Safest" security setting on Tor Browser 11.52023-01-05T16:19:28ZTracSaving whole web pages broken on "Safest" security setting on Tor Browser 11.5When saving pages using the "Save page as" dialog, the download fails immediately after starting and is displayed as "failed" in the download panel. The page still seems to be saved correctly. So far, I've only tested 9.0 (based on Mozil...When saving pages using the "Save page as" dialog, the download fails immediately after starting and is displayed as "failed" in the download panel. The page still seems to be saved correctly. So far, I've only tested 9.0 (based on Mozilla Firefox 68.2.0esr) (64-bit) on Windows 10.
**Trac**:
**Username**: 7TR0OrSponsor 131 - Phase 2 - Privacy Browserma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42280Weird connection attempt to multicast IPv6 ff00:::443 on "New identity"2024-01-09T13:50:38ZintrigeriWeird connection attempt to multicast IPv6 ff00:::443 on "New identity"First of all, my apologies, it's not trivial for me to reproduce with a pristine Tor Browser (I would need to learn how to log SOCKS activity in Tor Browser or tor daemon, without the facilities we have in Tails), so I did not yet. I'm h...First of all, my apologies, it's not trivial for me to reproduce with a pristine Tor Browser (I would need to learn how to log SOCKS activity in Tor Browser or tor daemon, without the facilities we have in Tails), so I did not yet. I'm hoping a Tor Browser developer can very cheaply confirm whether this happens in a pristine Tor Browser (if not, feel free to reject and I'll see what we can do about it in Tails :)
This was reported by a Tails user and I reproduced it on my Debian sid + Tor Browser configured to use the system tor daemon + OnionCircuits.
When I do "New identity", I see request for Tor circuits to ff00:::443. The logs from Tails onion-grater (our Tor control port filter daemon) say:
```
650 STREAM 18 NEW 0 ff00:::443 SOURCE_ADDR=10.200.1.2:35108 PURPOSE=USER SOCKS_USERNAME="3118f03f-a085-41ca-abda-8f54eddf88f8.mozilla:0" SOCKS_PASSWORD="9d4853a3dc5ad1f8df87a8451828d99db03999010eff468f67e4ff0cfc3484fb" CLIENT_PROTOCOL=SOCKS5 NYM_EPOCH=0 SESSION_GROUP=-7 ISO_FIELDS=SOCKS_USERNAME,SOCKS_PASSWORD,CLIENTADDR,SESSION_GROUP,NYM_EPOCH
650 STREAM 18 SENTCONNECT 8 ff00:::443 SOCKS_USERNAME="3118f03f-a085-41ca-abda-8f54eddf88f8.mozilla:0" SOCKS_PASSWORD="9d4853a3dc5ad1f8df87a8451828d99db03999010eff468f67e4ff0cfc3484fb" CLIENT_PROTOCOL=SOCKS5 NYM_EPOCH=0 SESSION_GROUP=-7 ISO_FIELDS=SOCKS_USERNAME,SOCKS_PASSWORD,CLIENTADDR,SESSION_GROUP,NYM_EPOCH
650 STREAM 19 NEW 0 ff00:::443 SOURCE_ADDR=10.200.1.2:35124 PURPOSE=USER SOCKS_USERNAME="3118f03f-a085-41ca-abda-8f54eddf88f8.mozilla:0" SOCKS_PASSWORD="9d4853a3dc5ad1f8df87a8451828d99db03999010eff468f67e4ff0cfc3484fb" CLIENT_PROTOCOL=SOCKS5 NYM_EPOCH=0 SESSION_GROUP=-7 ISO_FIELDS=SOCKS_USERNAME,SOCKS_PASSWORD,CLIENTADDR,SESSION_GROUP,NYM_EPOCH
650 STREAM 19 SENTCONNECT 8 ff00:::443 SOCKS_USERNAME="3118f03f-a085-41ca-abda-8f54eddf88f8.mozilla:0" SOCKS_PASSWORD="9d4853a3dc5ad1f8df87a8451828d99db03999010eff468f67e4ff0cfc3484fb" CLIENT_PROTOCOL=SOCKS5 NYM_EPOCH=0 SESSION_GROUP=-7 ISO_FIELDS=SOCKS_USERNAME,SOCKS_PASSWORD,CLIENTADDR,SESSION_GROUP,NYM_EPOCH
650 STREAM 18 REMAP 8 [ff00::]:443 SOCKS_USERNAME="3118f03f-a085-41ca-abda-8f54eddf88f8.mozilla:0" SOCKS_PASSWORD="9d4853a3dc5ad1f8df87a8451828d99db03999010eff468f67e4ff0cfc3484fb" CLIENT_PROTOCOL=SOCKS5 NYM_EPOCH=0 SESSION_GROUP=-7 ISO_FIELDS=SOCKS_USERNAME,SOCKS_PASSWORD,CLIENTADDR,SESSION_GROUP,NYM_EPOCH
650 STREAM 18 DETACHED 8 [ff00::]:443 REASON=END REMOTE_REASON=EXITPOLICY SOCKS_USERNAME="3118f03f-a085-41ca-abda-8f54eddf88f8.mozilla:0" SOCKS_PASSWORD="9d4853a3dc5ad1f8df87a8451828d99db03999010eff468f67e4ff0cfc3484fb" CLIENT_PROTOCOL=SOCKS5 NYM_EPOCH=0 SESSION_GROUP=-7 ISO_FIELDS=SOCKS_USERNAME,SOCKS_PASSWORD,CLIENTADDR,SESSION_GROUP,NYM_EPOCH
650 STREAM 18 SENTCONNECT 8 [ff00::]:443 SOCKS_USERNAME="3118f03f-a085-41ca-abda-8f54eddf88f8.mozilla:0" SOCKS_PASSWORD="9d4853a3dc5ad1f8df87a8451828d99db03999010eff468f67e4ff0cfc3484fb" CLIENT_PROTOCOL=SOCKS5 NYM_EPOCH=0 SESSION_GROUP=-7 ISO_FIELDS=SOCKS_USERNAME,SOCKS_PASSWORD,CLIENTADDR,SESSION_GROUP,NYM_EPOCH
```
I understand the network rejects these attempts (`EXITPOLICY`), which is great. I understand ff00::/8 that's because is supposed to be local. But I suppose that ideally Tor Browser should not even ask tor to connect there.
I lack IPv6 expertise to tell how bad this is.
Interestingly I see no such connection attempt when first starting Tor Browser.ma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41445Audit extensions.webextensions.restrictedDomains again2023-09-26T13:47:12ZPier Angelo VendrameAudit extensions.webextensions.restrictedDomains again`extensions.webextensions.restrictedDomains` was the result of [Bug 1453988](https://bugzilla.mozilla.org/show_bug.cgi?id=1453988) and related (#26114 for us).
Its description in `001-base-profile.js` says `Allow NoScript to access addo...`extensions.webextensions.restrictedDomains` was the result of [Bug 1453988](https://bugzilla.mozilla.org/show_bug.cgi?id=1453988) and related (#26114 for us).
Its description in `001-base-profile.js` says `Allow NoScript to access addons.mozilla.org etc.`, but @ma1 said that he thinks that we could do something better, too.ma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41324Expose per-tab notifications API to WebExtensions for better UX integration o...2023-08-22T20:57:05Zma1Expose per-tab notifications API to WebExtensions for better UX integration of extension-based features (e.g. from NoScript)Adding a new `browser.tabs.displayNotification()` WebExtensions API, closely mirroring the browser-native `notificationBox.appendNotification()` one, in order to better integrate features provided by extensions like NoScript in the nativ...Adding a new `browser.tabs.displayNotification()` WebExtensions API, closely mirroring the browser-native `notificationBox.appendNotification()` one, in order to better integrate features provided by extensions like NoScript in the native UI.
Case in point: #41112.ma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41212Fix startup crash in debug build when installing noscript2022-09-01T22:36:57ZAlex CatarineuFix startup crash in debug build when installing noscript```
2020-10-30 16:29:12.038 10759-10759/org.torproject.torbrowser_debug D/StrictMode: StrictMode policy violation; ~duration=175 ms: android.os.strictmode.DiskWriteViolation
at android.os.StrictMode$AndroidBlockGuardPolicy.onWrit...```
2020-10-30 16:29:12.038 10759-10759/org.torproject.torbrowser_debug D/StrictMode: StrictMode policy violation; ~duration=175 ms: android.os.strictmode.DiskWriteViolation
at android.os.StrictMode$AndroidBlockGuardPolicy.onWriteToDisk(StrictMode.java:1552)
at libcore.io.BlockGuardOs.open(BlockGuardOs.java:252)
at libcore.io.ForwardingOs.open(ForwardingOs.java:166)
at android.app.ActivityThread$AndroidOs.open(ActivityThread.java:7542)
at libcore.io.IoBridge.open(IoBridge.java:478)
at java.io.FileOutputStream.<init>(FileOutputStream.java:236)
at java.io.FileOutputStream.<init>(FileOutputStream.java:186)
at org.mozilla.fenix.components.TorBrowserFeatures.installNoScript(TorBrowserFeatures.kt:33)
at org.mozilla.fenix.components.TorBrowserFeatures.install(TorBrowserFeatures.kt:96)
at org.mozilla.fenix.components.Core$engine$2.invoke(Core.kt:121)
at org.mozilla.fenix.components.Core$engine$2.invoke(Core.kt:78)
at kotlin.SynchronizedLazyImpl.getValue(LazyJVM.kt:74)
at org.mozilla.fenix.components.Core.getEngine(Unknown Source:2)
at org.mozilla.fenix.FenixApplication.setupInMainProcessOnly(FenixApplication.kt:150)
at org.mozilla.fenix.FenixApplication.onCreate(FenixApplication.kt:96)
at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1192)
at android.app.ActivityThread.handleBindApplication(ActivityThread.java:6712)
at android.app.ActivityThread.access$1300(ActivityThread.java:237)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1913)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loop(Looper.java:223)
at android.app.ActivityThread.main(ActivityThread.java:7656)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:592)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:947)
2020-10-30 16:29:12.039 10759-10759/org.torproject.torbrowser_debug E/AndroidRuntime: FATAL EXCEPTION: main
Process: org.torproject.torbrowser_debug, PID: 10759
java.lang.RuntimeException: StrictMode ThreadPolicy violation
at android.os.StrictMode$AndroidBlockGuardPolicy.onThreadPolicyViolation(StrictMode.java:1813)
at android.os.StrictMode$AndroidBlockGuardPolicy.lambda$handleViolationWithTimingAttempt$0$StrictMode$AndroidBlockGuardPolicy(StrictMode.java:1727)
at android.os.-$$Lambda$StrictMode$AndroidBlockGuardPolicy$9nBulCQKaMajrWr41SB7f7YRT1I.run(Unknown Source:6)
at android.os.Handler.handleCallback(Handler.java:938)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:223)
at android.app.ActivityThread.main(ActivityThread.java:7656)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:592)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:947)
Caused by: android.os.strictmode.DiskWriteViolation
at android.os.StrictMode$AndroidBlockGuardPolicy.onWriteToDisk(StrictMode.java:1552)
at libcore.io.BlockGuardOs.open(BlockGuardOs.java:252)
at libcore.io.ForwardingOs.open(ForwardingOs.java:166)
at android.app.ActivityThread$AndroidOs.open(ActivityThread.java:7542)
at libcore.io.IoBridge.open(IoBridge.java:478)
at java.io.FileOutputStream.<init>(FileOutputStream.java:236)
at java.io.FileOutputStream.<init>(FileOutputStream.java:186)
at org.mozilla.fenix.components.TorBrowserFeatures.installNoScript(TorBrowserFeatures.kt:33)
at org.mozilla.fenix.components.TorBrowserFeatures.install(TorBrowserFeatures.kt:96)
at org.mozilla.fenix.components.Core$engine$2.invoke(Core.kt:121)
at org.mozilla.fenix.components.Core$engine$2.invoke(Core.kt:78)
at kotlin.SynchronizedLazyImpl.getValue(LazyJVM.kt:74)
at org.mozilla.fenix.components.Core.getEngine(Unknown Source:2)
at org.mozilla.fenix.FenixApplication.setupInMainProcessOnly(FenixApplication.kt:150)
at org.mozilla.fenix.FenixApplication.onCreate(FenixApplication.kt:96)
at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1192)
at android.app.ActivityThread.handleBindApplication(ActivityThread.java:6712)
at android.app.ActivityThread.access$1300(ActivityThread.java:237)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1913)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loop(Looper.java:223)
at android.app.ActivityThread.main(ActivityThread.java:7656)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:592)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:947)
2020-10-30 16:29:12.040 10759-10759/org.torproject.torbrowser_debug E/ExceptionHandler: Uncaught exception handled:
java.lang.RuntimeException: StrictMode ThreadPolicy violation
at android.os.StrictMode$AndroidBlockGuardPolicy.onThreadPolicyViolation(StrictMode.java:1813)
at android.os.StrictMode$AndroidBlockGuardPolicy.lambda$handleViolationWithTimingAttempt$0$StrictMode$AndroidBlockGuardPolicy(StrictMode.java:1727)
at android.os.-$$Lambda$StrictMode$AndroidBlockGuardPolicy$9nBulCQKaMajrWr41SB7f7YRT1I.run(Unknown Source:6)
at android.os.Handler.handleCallback(Handler.java:938)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:223)
at android.app.ActivityThread.main(ActivityThread.java:7656)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:592)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:947)
Caused by: android.os.strictmode.DiskWriteViolation
at android.os.StrictMode$AndroidBlockGuardPolicy.onWriteToDisk(StrictMode.java:1552)
at libcore.io.BlockGuardOs.open(BlockGuardOs.java:252)
at libcore.io.ForwardingOs.open(ForwardingOs.java:166)
at android.app.ActivityThread$AndroidOs.open(ActivityThread.java:7542)
at libcore.io.IoBridge.open(IoBridge.java:478)
at java.io.FileOutputStream.<init>(FileOutputStream.java:236)
at java.io.FileOutputStream.<init>(FileOutputStream.java:186)
at org.mozilla.fenix.components.TorBrowserFeatures.installNoScript(TorBrowserFeatures.kt:33)
at org.mozilla.fenix.components.TorBrowserFeatures.install(TorBrowserFeatures.kt:96)
at org.mozilla.fenix.components.Core$engine$2.invoke(Core.kt:121)
at org.mozilla.fenix.components.Core$engine$2.invoke(Core.kt:78)
at kotlin.SynchronizedLazyImpl.getValue(LazyJVM.kt:74)
at org.mozilla.fenix.components.Core.getEngine(Unknown Source:2)
at org.mozilla.fenix.FenixApplication.setupInMainProcessOnly(FenixApplication.kt:150)
at org.mozilla.fenix.FenixApplication.onCreate(FenixApplication.kt:96)
at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1192)
at android.app.ActivityThread.handleBindApplication(ActivityThread.java:6712)
at android.app.ActivityThread.access$1300(ActivityThread.java:237)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1913)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loop(Looper.java:223)
at android.app.ActivityThread.main(ActivityThread.java:7656)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:592)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:947)
```https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40980NoScript XSS user choices are persisted2023-01-05T16:24:12ZTracNoScript XSS user choices are persistedWhenever user chooses 'Always allow' or 'Always block' in one of the NoScript XSS popups the setting is persisted in `storage-sync.sqlite` file and this is never cleared on browser startup as the rest of NoScript preferences.
The full p...Whenever user chooses 'Always allow' or 'Always block' in one of the NoScript XSS popups the setting is persisted in `storage-sync.sqlite` file and this is never cleared on browser startup as the rest of NoScript preferences.
The full persisted object can be inspected via `about:debugging` -> Debug Noscript -> `browser.storage.sync.get('xssUserChoices')`.
I understand this is not intended behaviour, since NoScript default is to not persist user choices (clearing them up on browser start).
**Trac**:
**Username**: atacSponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40934NoScript (2.5.7) "reset" button does not use TBB defaults2023-08-26T04:48:01ZTracNoScript (2.5.7) "reset" button does not use TBB defaultsNoScript (2.5.7) "reset" in TBB (one result)
Debian/Wheezy (updated)
TBB 2.2.39-3 x86_64
TBB default install has NoScript "General" tab "Scripts Globally Allowed" (dangerous) ON and "Appearance" tab "Allow Scripts Globally" (dangerous...NoScript (2.5.7) "reset" in TBB (one result)
Debian/Wheezy (updated)
TBB 2.2.39-3 x86_64
TBB default install has NoScript "General" tab "Scripts Globally Allowed" (dangerous) ON and "Appearance" tab "Allow Scripts Globally" (dangerous) ON ... yet a RESET of the add-on sets the first to OFF and the second to ON. Is this normal?
https://trac.torproject.org/projects/tor/ticket/6567
```
NoScript
Needs to be updated.
NoScript is now installed by default.
Has been discussed.
https://lists.torproject.org/pipermail/tor-talk/2012-May/024227.html
My conclusion: Disabling it entirely is ok. Disabling on a per domain base is bad for anonymity.
```
https://trac.torproject.org/projects/tor/ticket/6563
Reinventing the wheel here?
**Trac**:
**Username**: Larkdgma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/33000Click-to-play does not work on embedded videos on the blog in safer mode2023-01-05T17:36:02ZGeorg KoppenClick-to-play does not work on embedded videos on the blog in safer mode[As reported on the blog](https://blog.torproject.org/comment/286439#comment-286439) being on medium sevurity level and trying to get the videos on our [2019 campaign wrap-up](https://blog.torproject.org/2019-campaign-wrapup-tor-take-bac...[As reported on the blog](https://blog.torproject.org/comment/286439#comment-286439) being on medium sevurity level and trying to get the videos on our [2019 campaign wrap-up](https://blog.torproject.org/2019-campaign-wrapup-tor-take-back-the-internet) to play does not work.
This is with NoScript 11.0.12.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/32668NoScript default whitelist re-appears on clicking NoScript Options --> Reset2023-01-05T17:35:51ZTracNoScript default whitelist re-appears on clicking NoScript Options --> ResetNoScript for TBB appears to have been modified to remove the default whitelisting of sites like google, yahoo, and netflix. (good!)
However, if you click the Reset button in the TBB NoScript Options window, the default whitelist re-app...NoScript for TBB appears to have been modified to remove the default whitelisting of sites like google, yahoo, and netflix. (good!)
However, if you click the Reset button in the TBB NoScript Options window, the default whitelist re-appears.
To reproduce in TBB 9.0.3 and NoScript 11.0.9 on Mac, launch TBB, click the NoScript icon, select Per-site Permissions tab, and then click the Reset button in the upper right hand corner.
Desired behavior: Per-site permissions remains completely empty.
Current behavior: the NoScript default whitelist returns.
**Trac**:
**Username**: toholdaquillma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22974NoScript (and Tor Browser) vulnerable to Mozilla Add-On Code Execution2023-01-05T17:19:55ZTom Rittertom@ritter.vgNoScript (and Tor Browser) vulnerable to Mozilla Add-On Code ExecutionPer legacy/trac#22966 it sounds like NoScript is not signed with a developer key (the 'updateKey' feature described here: https://developer.mozilla.org/en-US/Add-ons/Install_Manifests#updateKey )
updateKey allows the extension developer...Per legacy/trac#22966 it sounds like NoScript is not signed with a developer key (the 'updateKey' feature described here: https://developer.mozilla.org/en-US/Add-ons/Install_Manifests#updateKey )
updateKey allows the extension developer to require updates be signed with a key only they control. Without it, Mozilla can rewrite extensions and effectively get arbitrary code execution via an add-on.
There's a few things at play here.
1) We could disable add-on updating all together to mitigate this in 52.
2) In 59, when the only 'full' add-ons are 'system' add-ons we'll need to figure this out ourselves anywhere. This will probably involve Tor signing Tor Launcher and TorButton with its own system add-on keys. Dev Tools is an open question.
3) In 59, when Web Extensions are around this won't be as big of a concern. Mozilla can't get code execution but could neuter the effect of an add-on or turn it into spyware (assuming we keep extension updating in place). Whether web extensions will support an updateKey mechanism is an open question (they don't now, EFF wants it. Tor might wish to lend support to the argument. If Tor could get another partner repack to join in that would help even more I bet.)