[tor-dev] Request for feedback/victims: cfc-0.0.2
Yawning Angel
yawning at schwanenlied.me
Sun Mar 27 06:12:57 UTC 2016
Hello,
Thanks for the feedback so far.
[ PEOPLE THAT HAVE BIG SCARY ADVERSARIES IN THEIR THREAT MODEL
STILL SHOULD NOT USE THIS. ]
New version with changes some that add functionality, some code of
quality stuff, hence a version bump to 0.0.2, especially since it'll
probably be a bit before I can focus on tackling the TODO items.
Source: https://git.schwanenlied.me/yawning/cfc
XPI: https://people.torproject.org/~yawning/volatile/cfc-20160327/
Major changes:
* Properly deregister the HTTP event listeners on addon unload.
* Toned down the snark when I rewrite the CloudFlare captcha page,
since I wasn't very nice.
* Additional quality of life/privacy improvements courtesy of Will
Scott, both optional and enabled by default.
* (QoL) Skip useless landing pages (github.com/twitter.com will be
auto-redirected to the "search" pages).
* (Privacy) Kill twitter's outbound link tracking (t.co URLs) by
rewriting the DOM to go to the actual URL when possible. Since
DOM changes made from content scripts are isolated from page
scripts, this shouldn't substantially alter behavior.
* (Code quality) Use a pref listener to handle preference changes.
TODO:
* Try to figure out a way to mitigate the ability for archive.is to
track you. The IFRAME based approach might work here, needs more
investigation.
* Handle custom CloudFlare captcha pages (In general my philosophy is
to minimize false positives, over avoiding false negatives).
Looking at the regexes in dcf's post, disabling the title check may
be all that's needed.
* Handle CloudFlare 503 pages.
* Get samples of other common blanket CDN based Tor blocking/major
sites that block Tor, and implement bypass methods similar to how
CloudFlare is handled.
* Look into adding a "contact site owner" button as suggested by Jeff
Burdges et al (Difficult?).
* Support a user specified "always use archive.is for these sites"
list.
* UI improvements.
* More Quality of Life/Privacy improvements (Come for the Street
Signs, stay for the user scripts).
* I will eventually get annoyed enough at being linked to mobile
wikipedia that I will rewrite URLs to strip out the ".m.".
* Test this on Fennec.
* Maybe throw this up on addons.mozilla.org.
Regards,
--
Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160327/9dcb9f5f/attachment.sig>
More information about the tor-dev
mailing list