[tor-talk] Request: Firefox extension/addon checking tutorial
Dave Warren
davew at hireahit.com
Fri Aug 21 05:44:25 UTC 2015
On 2015-08-20 21:27, Cain Ungothep wrote:
>> Anybody care to make a peer-reviewed guide of how to check the
>> >extensions for leaks, cheats and other dirty tricks?
> I would say use the source, Lara.
>
> It's problematic, of course, since it requires an expert not only on
> programming, networking, privacy and security but also on Mozilla's
> extension architecture. But really, I don't think there's any other
> way.
I doubt there are many people who are truly competent to check the
source. You don't just need a programmer who checks to make sure the
code does what they expect, but also that there aren't any corner cases
where something does leak, just a little.
To be secure, one must also check the entirety of the Firefox source,
since Firefox could easily have some behaviour which intentionally leaks
when Tor is active (and possibly only when other conditions are met, to
reduce the odds of anyone who isn't a target from observing any
unexpected behaviour)
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
More information about the tor-talk
mailing list