[tbb-bugs] #25090 [Applications/Tor Browser]: Make sure IPFS & co in addons are shoved up through Tor and don't leak in ESR60

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Sep 14 18:49:15 UTC 2018


#25090: Make sure IPFS & co in addons are shoved up through Tor and don't leak in
ESR60
----------------------------------------+----------------------------
 Reporter:  cypherpunks                 |          Owner:  tbb-team
     Type:  defect                      |         Status:  closed
 Priority:  Medium                      |      Milestone:
Component:  Applications/Tor Browser    |        Version:
 Severity:  Normal                      |     Resolution:  worksforme
 Keywords:  ff60-esr, tbb-proxy-bypass  |  Actual Points:
Parent ID:                              |         Points:
 Reviewer:                              |        Sponsor:
----------------------------------------+----------------------------
Changes (by gk):

 * status:  new => closed
 * resolution:   => worksforme


Comment:

 I think we are good right now. There is no TCP/UDP Socket API available
 for WebExtensions yet (see:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1247628) so, this risk is
 ruled out. You can register those protocols with protocol handlers (see:
 https://developer.mozilla.org/en-US/docs/Mozilla/Add-
 ons/WebExtensions/manifest.json/protocol_handlers) but that's a web based
 mechanism, so that should be fine.

 That said: even if extensions which implemented/supported those protocols
 *would* bypass Tor then I think this would fall under our strong
 recommendation to not install third-party extensions as they can
 compromise your privacy/anonymity.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25090#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list