Skip to content
GitLab
Projects Groups Topics Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Tor Browser Tor Browser
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributor statistics
    • Graph
    • Compare revisions
  • Issues 917
    • Issues 917
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 6
    • Merge requests 6
  • Deployments
    • Deployments
    • Releases
  • Packages and registries
    • Packages and registries
    • Container Registry
    • Model experiments
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Applications
  • Tor BrowserTor Browser
  • Issues
  • #41539

Crypto warning weaknesses

The "Bug 40209: Implement Basic Crypto Safety" patch (73640da2c4e719493b45fb6140f7ad2666326d89) is trying to prevent users using malicious crypto addresses from HTTP websites. It does this under the following condition

  1. The website is HTTP and not .onion (so vulnerable to being spoofed).
  2. The user copies or cuts text
  3. And the copied text looks like a crypto address

In this case it shows the user a popup warning them about the potential inserted crypto address.

Weaknesses

I can think of three weaknesses to this approach.

White space

Currently, we only trim the copied text rather than remove all whitespace within as well. This means that you can just insert some whitespace in the address (they could make it look presentational, or use CSS to hide it) and the user won't get a warning.

It is not that usually for text inputs to consume (some) whitespace. And even if it didn't, a user that has already copied the text will probably just remove the whitespace themselves after pasting.

Drag and drop

No warning is triggered if the user starts dragging the crypto address. Maybe this doesn't come up much, but the website could try and encourage it by just writing "Drag and drop the address below". Or setting user-select: none but making the address draggable.

Copying the address manually

If you set user-select: none on the address then there is no way to copy the text. If the user already trusts the HTTP website, then they may just copy out the address by hand. Maybe they wouldn't bother with the length of some addresses though.

Risk

I'm not sure how high the risk is since we have HTTPS-always now. But we have decided to still keep the crypto warning in place as a protective measure.

Edited Dec 21, 2022 by henry
Assignee
Assign to
Time tracking