[tbb-bugs] #28174 [Applications/Tor Browser]: Block non-.onion subresources on .onion websites?

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Oct 26 06:47:42 UTC 2018


#28174: Block non-.onion subresources on .onion websites?
--------------------------------------+--------------------------
 Reporter:  arthuredelstein           |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by gk):

 Replying to [comment:1 tom]:
 > I think there are two constituents here: The onion server, and the
 Browser user.
 >
 > Our primary goal should be to serve the browser user.
 >
 > Where it's easy and simple, we can serve the onion server. But these
 suggestions are not comprehensive, and Tor Browser will never be a
 comprehensive onion audit tool. I would instead advocate for improving the
 tool onionscan https://onionscan.org/ where it is possible (although that
 also, cannot be comprehensive...)
 >
 >
 > Focusing on the browser user, I think it's fair to treat any non-onion
 resource as Mixed Content on an onion, regardless of HTTP/HTTPS status.
 There are three levels of Mixed Content Blocking:
 >  - None
 >  - Active (blocks scripts, allows images)
 >  - Full (blocks scripts and images)
 >
 > There's also the security slider. I would suggest that when the security
 slider is at High, we perform Full blocking. It provides a smaller attack
 surface for the browser user.

 I'd like to understand that point more. What attacks are you talking about
 here? We block *features* based on code execution vulnerabilities in the
 past, not based on transport, as a general rule of thumb. So, this means
 that on the highest slider scripts are already blocked irrespective of
 transport or mixed content situation or whatever. Now, images are not so
 far, because the ratio of security benefit/usability penalty is not that
 good. That, again, is not dependent on the underlying transport or the
 mixed content situation.

 If I understand it right then what you want is to defend against the
 *privacy* risks Arthur outlined by using the *security* slider. If that's
 the case then I am not convinced by that idea yet as we don't want to mix
 security and privacy related settings in the slider.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28174#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list