Arthur Edelstein authored Nov 10, 2016 and Georg Koppen committed Nov 11, 2016

Also, improve donate button appearance by moving arrow below text
and choosing a narrow arrow.

Arthur Edelstein authored Nov 08, 2016 and Georg Koppen committed Nov 08, 2016

Fixes bug in the main 20347 patch, reported at
https://trac.torproject.org/projects/tor/ticket/20347#comment:13

Arthur Edelstein authored Oct 17, 2016 and Georg Koppen committed Nov 07, 2016

This patch moves the security slider code from torbutton.js
to its own file (security-prefs.js) and refactors it.

Kathleen Brade authored Oct 11, 2016 and Georg Koppen committed Oct 20, 2016

Retrieve SOCKS port configuration from Tor Launcher if available.
Support the TOR_SOCKS_IPC_PATH environment variable.

Consistently use IPC to refer to Unix domain sockets.

Enhance torbutton_local_tor_check() to correctly handle spaces and
escaped characters within the 'GETINFO net/listeners/socks' response.

Within startup-observer.js, use Services.jsm, Cc and similar
constants, and remove unused code.

Also, remove the 'extensions.torbutton.resist_fingerprinting' pref
and just use the 'privacy.resistFingerprinting' pref instead. We will
use this to implement a checkbox in the about:preferences#privacy page.

Also, we remove the 'extensions.torbutton.restrict_thirdparty'
and use the 'privacy.thirdparty.isolate' pref. At the same time we
will need to add a checkbox to the about:preferences#privacy page
that toggles 'privacy.thirdparty.isolate'.

Note that 'privacy.thirdparty.isolate' will be renamed to
'privacy.firstparty.isolate' in Firefox 52.

This patch also removes the 'extensions.torbutton.no_tor_plugin'
pref and simply uses the 'plugin.disable' pref instead.

Thanks to our patch for Bug 10280 in tor-browser.git,
buttons on the plugins section of about:addons
already let you "Enable plugins" and "Disable plugins"
(i.e., toggle the 'plugin.disable' pref).

Also it's probably better to remove this footgun in the UI.

An equivalent checkbox, "Always use private browsing mode"
is already available in about:preferences#privacy. Better to leave
it more hidden from the user in any case, as it is inadvisable
to disable private browsing mode.

We remove the 'extensions.torbutton.block_disk' pref and use the
'browser.privatebrowsing.autostart' pref instead, because they
are equivalent.

We'll also use add a patch to disable remote jars in tor-browser.git

arthuredelstein@gmail.com authored Sep 15, 2016 and Georg Koppen committed Sep 26, 2016

If the dialog is too small to show all descriptions, then the
descriptions text area will show a scrollbar.

Call Tor Launcher's new TorGetControlSocketFile() function to determine
if a Unix domain socket is being used for Tor control port communication
and, if it is, use it instead of a TCP connection.

When performing the local Tor check (which compares the configured
Firefox SOCKS proxy to the one reported by GETINFO net/listeners/socks),
correctly handle UNIX domain sockets as well as IPv6 addresses.

Restore previous behavior: do not reset the SOCKS-related preferences when
the TOR_SOCKS_HOST and TOR_SOCKS_PORT environment variables are not set.

We need to clear site security settings (like HSTS) explicitely now
as they don't belong to the permissions manager anymore.