[tor-bugs] #26529 [Applications/Tor Browser]: TBA - Notify user about possible proxy-bypass before opening external app
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Oct 19 20:39:51 UTC 2019
#26529: TBA - Notify user about possible proxy-bypass before opening external app
-------------------------------------------------+-------------------------
Reporter: sysrqb | Owner: tbb-
| team
Type: defect | Status:
| needs_information
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-mobile, tbb-torbutton, tbb- | Actual Points:
proxy-bypass, TBA-a3, tbb-8.5, tbb-parity, |
TorBrowserTeam201910 |
Parent ID: | Points:
Reviewer: | Sponsor:
| Sponsor8
-------------------------------------------------+-------------------------
Changes (by gk):
* keywords:
tbb-mobile, tbb-torbutton, tbb-proxy-bypass, TBA-a3, tbb-8.5, tbb-
parity, TorBrowserTeam201910R
=>
tbb-mobile, tbb-torbutton, tbb-proxy-bypass, TBA-a3, tbb-8.5, tbb-
parity, TorBrowserTeam201910
* status: needs_review => needs_information
Comment:
Looks good to me. I've applied the patch to `tor-browser-68.2.0esr-9.5-1`
(commit 6dc05e67cdbbb0a74f2c24387a3ea7443e08b57c).
Two things I am unsure about:
1)
{{{
* launches a file during private browsing. The dialog appears to notify
the user that a clicked
* link will open in an external application, potentially leaking their
browsing history.
*/
}}}
That's not the same as explaining possible proxy bypass/anonymity losses.
We spent quite some time trying to get the message right for desktop. Do
we want to do that as well in this case?
2) Are we confident we have caught all possible issues here? There seems
to be a variety of potentially problematic code paths.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26529#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list