Crypto warning weaknesses
The "Bug 40209: Implement Basic Crypto Safety" patch (73640da2c4e719493b45fb6140f7ad2666326d89) is trying to prevent users from using malicious crypto addresses from HTTP websites. It does this under the following conditions:
- The website is HTTP and not `.onion` (so vulnerable to being spoofed).
- The user copies or cuts text
- And the copied text looks like a crypto address
In this case it shows the user a popup warning them about the potential inserted crypto address.
I can think of three weaknesses to this approach.
Currently, we only trim the copied text rather than remove all whitespace within as well. This means that you can just insert some whitespace in the address (they could make it look presentational, or use CSS to hide it) and the user won't get a warning.
It is not that unusual for text inputs to consume (some) whitespace. And even if it didn't, a user that has already copied the text will probably just remove the whitespace themselves after pasting.
Drag and drop
No warning is triggered if the user starts dragging the crypto address. Maybe this doesn't come up much, but the website could try and encourage it by just writing "Drag and drop the address below". Or setting `user-select: none` but making the address draggable.
Copying the address manually
If you set `user-select: none` on the address then there is no way to copy the text. If the user already trusts the HTTP website, then they may just copy out the address by hand. Maybe they wouldn't bother with the length of some addresses though.
I'm not sure how high the risk is since we have HTTPS-always now. But we have decided to still keep the crypto warning in place as a protective measure.
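
The whitespace weakness described above, next to one way to close it, as an added example that is not code from the patch. The address patterns are a simplified heuristic, and the function names, `MAX_LEN` and the sample address are constructed for illustration.

```javascript
// Added example; simplified shape heuristics, not the patch's matching logic.
const ADDRESS_PATTERNS = [
  /^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$/, // Bitcoin-style base58 shape
  /^bc1[ac-hj-np-z02-9]{11,71}$/,      // Bitcoin-style bech32 shape
];
const MAX_LEN = 200; // hypothetical cap so long prose selections are skipped

function looksLikeAddress(s) {
  return ADDRESS_PATTERNS.some((re) => re.test(s));
}

// Behaviour described in the issue: only leading/trailing whitespace removed.
function trimOnlyCheck(copied) {
  return looksLikeAddress(copied.trim());
}

// Hardened variant: drop every whitespace character before matching.
function normalizedCheck(copied) {
  if (copied.length > MAX_LEN) return false;
  return looksLikeAddress(copied.replace(/\s+/g, ""));
}

// Constructed sample: has the shape of an address but is not a real one.
const SAMPLE = "1ConstructedSampLeAddr23456789xyz";
const CASES = {
  plain: SAMPLE,
  padded: `  ${SAMPLE}\n`,
  grouped: SAMPLE.replace(/(.{4})/g, "$1 "),            // "1Con stru cted ..."
  lineBroken: SAMPLE.slice(0, 16) + "\n" + SAMPLE.slice(16),
  prose: "Send the payment before Friday please",
};

// Run both checks over every constructed clipboard string.
function compare() {
  const out = {};
  for (const [name, text] of Object.entries(CASES)) {
    out[name] = {
      trimOnly: trimOnlyCheck(text),
      normalized: normalizedCheck(text),
    };
  }
  return out;
}

console.table(compare());
```

Normalizing whitespace only covers the first weakness; the drag-and-drop and manual-copy cases never reach a copy or cut check at all.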