
Closed
Open
Created Jan 15, 2021 by Gaba (@gaba), Owner

Individual-resistance: HTTPS by default

As part of the Collaborative ResistancE to Web Surveillance (CREWS) project with UCL, we are going to build a prototype to understand the effectiveness of enhanced eavesdropping protection in Tor Browser.

Modern web browsers, including Tor Browser, will indicate that unencrypted web traffic is insecure, but not block unencrypted traffic, because some websites do not support encryption. Therefore malicious intermediaries can perform “SSL-stripping attacks”, forcing the browser to downgrade to unencrypted traffic. For this project we will evaluate how to require encryption to be enabled unless the user explicitly permits downgrading. We will explore approaches to clearly describe the risks of sharing web browsing data with intermediaries (legibility) and to give the user control over whether to proceed nevertheless (agency).
