Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • Tor Browser Tor Browser
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 831
    • Issues 831
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 4
    • Merge requests 4
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Applications
  • Tor BrowserTor Browser
  • Issues
  • #41539
Closed
Open
Issue created Dec 21, 2022 by henry@henryDeveloper

Crypto warning weaknesses

The "Bug 40209: Implement Basic Crypto Safety" patch (73640da2c4e719493b45fb6140f7ad2666326d89) is trying to prevent users using malicious crypto addresses from HTTP websites. It does this under the following condition

  1. The website is HTTP and not .onion (so vulnerable to being spoofed).
  2. The user copies or cuts text
  3. And the copied text looks like a crypto address

In this case it shows the user a popup warning them about the potential inserted crypto address.

Weaknesses

I can think of three weaknesses to this approach.

White space

Currently, we only trim the copied text rather than remove all whitespace within as well. This means that you can just insert some whitespace in the address (they could make it look presentational, or use CSS to hide it) and the user won't get a warning.

It is not that usually for text inputs to consume (some) whitespace. And even if it didn't, a user that has already copied the text will probably just remove the whitespace themselves after pasting.

Drag and drop

No warning is triggered if the user starts dragging the crypto address. Maybe this doesn't come up much, but the website could try and encourage it by just writing "Drag and drop the address below". Or setting user-select: none but making the address draggable.

Copying the address manually

If you set user-select: none on the address then there is no way to copy the text. If the user already trusts the HTTP website, then they may just copy out the address by hand. Maybe they wouldn't bother with the length of some addresses though.

Risk

I'm not sure how high the risk is since we have HTTPS-always now. But we have decided to still keep the crypto warning in place as a protective measure.

Edited Dec 21, 2022 by henry
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking