|
...
|
...
|
@@ -1,6 +1,6 @@
|
|
1
|
1
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
2
|
2
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
3
|
|
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Torbutton Design Documentation</title><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article" title="Torbutton Design Documentation"><div class="titlepage"><div><div><h2 class="title"><a id="design"></a>Torbutton Design Documentation</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Mike</span> <span class="surname">Perry</span></h3><div class="affiliation"><div class="address"><p><code class="email"><<a class="email" href="mailto:mikeperry.fscked/org">mikeperry.fscked/org</a>></code></p></div></div></div></div><div><p class="pubdate">Apr 3 2011</p></div></div><hr /></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2632653">1. Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="#adversary">1.1. Adversary Model</a></span></dt><dt><span class="sect2"><a href="#requirements">1.2. Torbutton Requirements</a></span></dt><dt><span class="sect2"><a href="#layout">1.3. Extension Layout</a></span></dt></dl></dd><dt><span class="sect1"><a href="#components">2. Components</a></span></dt><dd><dl><dt><span class="sect2"><a href="#hookedxpcom">2.1. Hooked Components</a></span></dt><dt><span class="sect2"><a href="#id2657921">2.2. New Components</a></span></dt></dl></dd><dt><span class="sect1"><a href="#id2636893">3. Chrome</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2658833">3.1. XUL Windows and Overlays</a></span></dt><dt><span class="sect2"><a href="#id2655137">3.2. Major Chrome Observers</a></span></dt></dl></dd><dt><span class="sect1"><a href="#id2657565">4. Toggle Code Path</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2653926">4.1. Button Click</a></span></dt><dt><span class="sect2"><a href="#id2652911">4.2. Proxy Update</a></span></dt><dt><span class="sect2"><a href="#id2647095">4.3. Settings Update</a></span></dt><dt><span class="sect2"><a href="#preferences">4.4. Firefox preferences touched during Toggle</a></span></dt></dl></dd><dt><span class="sect1"><a href="#id2659431">5. Description of Options</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2661813">5.1. Proxy Settings</a></span></dt><dt><span class="sect2"><a href="#id2660939">5.2. Dynamic Content Settings</a></span></dt><dt><span class="sect2"><a href="#id2670963">5.3. History and Forms Settings</a></span></dt><dt><span class="sect2"><a href="#id2671276">5.4. Cache Settings</a></span></dt><dt><span class="sect2"><a href="#id2671385">5.5. Cookie and Auth Settings</a></span></dt><dt><span class="sect2"><a href="#id2671698">5.6. Startup Settings</a></span></dt><dt><span class="sect2"><a href="#id2671812">5.7. Shutdown Settings</a></span></dt><dt><span class="sect2"><a href="#id2671872">5.8. Header Settings</a></span></dt></dl></dd><dt><span class="sect1"><a href="#FirefoxBugs">6. Relevant Firefox Bugs</a></span></dt><dd><dl><dt><span class="sect2"><a href="#FirefoxSecurity">6.1. Bugs impacting security</a></span></dt><dt><span class="sect2"><a href="#FirefoxWishlist">6.2. Bugs blocking functionality</a></span></dt><dt><span class="sect2"><a href="#FirefoxMiscBugs">6.3. Low Priority Bugs</a></span></dt></dl></dd><dt><span class="sect1"><a href="#TestPlan">7. Testing</a></span></dt><dd><dl><dt><span class="sect2"><a href="#SingleStateTesting">7.1. Single state testing</a></span></dt><dt><span class="sect2"><a href="#id2673409">7.2. Multi-state testing</a></span></dt><dt><span class="sect2"><a href="#HackTorbutton">7.3. Active testing (aka How to Hack Torbutton)</a></span></dt></dl></dd></dl></div><div class="sect1" title="1. Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2632653"></a>1. Introduction</h2></div></div></div><p>
|
|
|
3
|
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Torbutton Design Documentation</title><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article" title="Torbutton Design Documentation"><div class="titlepage"><div><div><h2 class="title"><a id="design"></a>Torbutton Design Documentation</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Mike</span> <span class="surname">Perry</span></h3><div class="affiliation"><div class="address"><p><code class="email"><<a class="email" href="mailto:mikeperry.fscked/org">mikeperry.fscked/org</a>></code></p></div></div></div></div><div><p class="pubdate">Apr 4 2011</p></div></div><hr /></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2657298">1. Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="#adversary">1.1. Adversary Model</a></span></dt><dt><span class="sect2"><a href="#requirements">1.2. Torbutton Requirements</a></span></dt><dt><span class="sect2"><a href="#layout">1.3. Extension Layout</a></span></dt></dl></dd><dt><span class="sect1"><a href="#components">2. Components</a></span></dt><dd><dl><dt><span class="sect2"><a href="#hookedxpcom">2.1. Hooked Components</a></span></dt><dt><span class="sect2"><a href="#id2682565">2.2. New Components</a></span></dt></dl></dd><dt><span class="sect1"><a href="#id2661538">3. Chrome</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2683477">3.1. XUL Windows and Overlays</a></span></dt><dt><span class="sect2"><a href="#id2679782">3.2. Major Chrome Observers</a></span></dt></dl></dd><dt><span class="sect1"><a href="#id2682210">4. Toggle Code Path</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2678571">4.1. Button Click</a></span></dt><dt><span class="sect2"><a href="#id2677555">4.2. Proxy Update</a></span></dt><dt><span class="sect2"><a href="#id2671739">4.3. Settings Update</a></span></dt><dt><span class="sect2"><a href="#preferences">4.4. Firefox preferences touched during Toggle</a></span></dt></dl></dd><dt><span class="sect1"><a href="#id2684076">5. Description of Options</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2686457">5.1. Proxy Settings</a></span></dt><dt><span class="sect2"><a href="#id2685583">5.2. Dynamic Content Settings</a></span></dt><dt><span class="sect2"><a href="#id2695607">5.3. History and Forms Settings</a></span></dt><dt><span class="sect2"><a href="#id2695921">5.4. Cache Settings</a></span></dt><dt><span class="sect2"><a href="#id2696030">5.5. Cookie and Auth Settings</a></span></dt><dt><span class="sect2"><a href="#id2696343">5.6. Startup Settings</a></span></dt><dt><span class="sect2"><a href="#id2696457">5.7. Shutdown Settings</a></span></dt><dt><span class="sect2"><a href="#id2696517">5.8. Header Settings</a></span></dt></dl></dd><dt><span class="sect1"><a href="#FirefoxBugs">6. Relevant Firefox Bugs</a></span></dt><dd><dl><dt><span class="sect2"><a href="#FirefoxSecurity">6.1. Bugs impacting security</a></span></dt><dt><span class="sect2"><a href="#FirefoxWishlist">6.2. Bugs blocking functionality</a></span></dt><dt><span class="sect2"><a href="#FirefoxMiscBugs">6.3. Low Priority Bugs</a></span></dt></dl></dd><dt><span class="sect1"><a href="#TestPlan">7. Testing</a></span></dt><dd><dl><dt><span class="sect2"><a href="#SingleStateTesting">7.1. Single state testing</a></span></dt><dt><span class="sect2"><a href="#id2698010">7.2. Multi-state testing</a></span></dt><dt><span class="sect2"><a href="#HackTorbutton">7.3. Active testing (aka How to Hack Torbutton)</a></span></dt></dl></dd></dl></div><div class="sect1" title="1. Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2657298"></a>1. Introduction</h2></div></div></div><p>
|
|
4
|
4
|
|
|
5
|
5
|
This document describes the goals, operation, and testing procedures of the
|
|
6
|
6
|
Torbutton Firefox extension. It is current as of Torbutton 1.3.2.
|
|
...
|
...
|
@@ -192,17 +192,18 @@ that requirement.
|
|
192
|
192
|
From the above Adversary Model, a number of requirements become clear.
|
|
193
|
193
|
|
|
194
|
194
|
</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><a id="proxy"></a><span class="command"><strong>Proxy Obedience</strong></span><p>The browser
|
|
195
|
|
-MUST NOT bypass Tor proxy settings for any content.</p></li><li class="listitem"><a id="isolation"></a><span class="command"><strong>Network Isolation</strong></span><p>Pages MUST NOT perform any network activity in a Tor state different
|
|
196
|
|
- from the state they were originally loaded in.</p></li><li class="listitem"><a id="state"></a><span class="command"><strong>State Separation</strong></span><p>Browser state (cookies, cache, history, 'DOM storage'), accumulated in
|
|
|
195
|
+MUST NOT bypass Tor proxy settings for any content.</p></li><li class="listitem"><a id="state"></a><span class="command"><strong>State Separation</strong></span><p>Browser state (cookies, cache, history, 'DOM storage'), accumulated in
|
|
197
|
196
|
one Tor state MUST NOT be accessible via the network in
|
|
198
|
|
- another Tor state.</p></li><li class="listitem"><a id="undiscoverability"></a><span class="command"><strong>Tor Undiscoverability</strong></span><p>With
|
|
|
197
|
+ another Tor state.</p></li><li class="listitem"><a id="isolation"></a><span class="command"><strong>Network Isolation</strong></span><p>Pages MUST NOT perform any network activity in a Tor state different
|
|
|
198
|
+ from the state they were originally loaded in.</p></li><li class="listitem"><a id="undiscoverability"></a><span class="command"><strong>Tor Undiscoverability</strong></span><p>With
|
|
199
|
199
|
the advent of bridge support in Tor 0.2.0.x, there are now a class of Tor
|
|
200
|
200
|
users whose network fingerprint does not obviously betray the fact that they
|
|
201
|
201
|
are using Tor. This should extend to the browser as well - Torbutton MUST NOT
|
|
202
|
202
|
reveal its presence while Tor is disabled.</p></li><li class="listitem"><a id="disk"></a><span class="command"><strong>Disk Avoidance</strong></span><p>The browser SHOULD NOT write any Tor-related state to disk, or store it
|
|
203
|
203
|
in memory beyond the duration of one Tor toggle.</p></li><li class="listitem"><a id="location"></a><span class="command"><strong>Location Neutrality</strong></span><p>The browser SHOULD NOT leak location-specific information, such as
|
|
204
|
204
|
timezone or locale via Tor.</p></li><li class="listitem"><a id="setpreservation"></a><span class="command"><strong>Anonymity Set
|
|
205
|
|
-Preservation</strong></span><p>The browser SHOULD NOT leak any other anonymity set reducing information
|
|
|
205
|
+Preservation</strong></span><p>The browser SHOULD NOT leak any other anonymity
|
|
|
206
|
+set reducing or fingerprinting information
|
|
206
|
207
|
(such as user agent, extension presence, and resolution information)
|
|
207
|
208
|
automatically via Tor. The assessment of the attacks above should make it clear
|
|
208
|
209
|
that anonymity set reduction is a very powerful method of tracking and
|
|
...
|
...
|
@@ -249,7 +250,7 @@ do not obey proxy settings, they can be manipulated to automatically connect
|
|
249
|
250
|
back to arbitrary servers outside of Tor with no user intervention. Fixing
|
|
250
|
251
|
this issue helps to satisfy Torbutton's <a class="link" href="#proxy">Proxy
|
|
251
|
252
|
Obedience</a> Requirement.
|
|
252
|
|
- </p></div><div class="sect3" title="@mozilla.org/browser/global-history;2 - components/ignore-history.js"><div class="titlepage"><div><div><h4 class="title"><a id="id2644921"></a><a class="ulink" href="http://www.oxymoronical.com/experiments/xpcomref/applications/Firefox/3.5/components/%40mozilla.org/browser/global-history;2" target="_top">@mozilla.org/browser/global-history;2</a>
|
|
|
253
|
+ </p></div><div class="sect3" title="@mozilla.org/browser/global-history;2 - components/ignore-history.js"><div class="titlepage"><div><div><h4 class="title"><a id="id2669566"></a><a class="ulink" href="http://www.oxymoronical.com/experiments/xpcomref/applications/Firefox/3.5/components/%40mozilla.org/browser/global-history;2" target="_top">@mozilla.org/browser/global-history;2</a>
|
|
253
|
254
|
- <a class="ulink" href="https://gitweb.torproject.org/torbutton.git/blob_plain/HEAD:/src/components/ignore-history.js" target="_top">components/ignore-history.js</a></h4></div></div></div><p>This component was contributed by <a class="ulink" href="http://www.collinjackson.com/" target="_top">Collin Jackson</a> as a method for defeating
|
|
254
|
255
|
CSS and Javascript-based methods of history disclosure. The global-history
|
|
255
|
256
|
component is what is used by Firefox to determine if a link was visited or not
|
|
...
|
...
|
@@ -277,7 +278,7 @@ firing in the event the browser starts in Tor mode.
|
|
277
|
278
|
This component helps satisfy the <a class="link" href="#isolation">Network
|
|
278
|
279
|
Isolation</a> and <a class="link" href="#setpreservation">Anonymity Set
|
|
279
|
280
|
Preservation</a> requirements.
|
|
280
|
|
-</p></div></div><div class="sect2" title="2.2. New Components"><div class="titlepage"><div><div><h3 class="title"><a id="id2657921"></a>2.2. New Components</h3></div></div></div><p>Torbutton creates four new components that are used throughout the
|
|
|
281
|
+</p></div></div><div class="sect2" title="2.2. New Components"><div class="titlepage"><div><div><h3 class="title"><a id="id2682565"></a>2.2. New Components</h3></div></div></div><p>Torbutton creates four new components that are used throughout the
|
|
281
|
282
|
extension. These components do not hook any interfaces, nor are they used
|
|
282
|
283
|
anywhere besides Torbutton itself.</p><div class="sect3" title="@torproject.org/cookie-jar-selector;2 - components/cookie-jar-selector.js"><div class="titlepage"><div><div><h4 class="title"><a id="cookiejar"></a><a class="ulink" href="https://gitweb.torproject.org/torbutton.git/blob_plain/HEAD:/src/components/cookie-jar-selector.js" target="_top">@torproject.org/cookie-jar-selector;2
|
|
283
|
284
|
- components/cookie-jar-selector.js</a></h4></div></div></div><p>The cookie jar selector (also based on code from <a class="ulink" href="http://www.collinjackson.com/" target="_top">Collin
|
|
...
|
...
|
@@ -289,7 +290,7 @@ state from the XML store.
|
|
289
|
290
|
</p><p>
|
|
290
|
291
|
This component helps to address the <a class="link" href="#state">State
|
|
291
|
292
|
Isolation</a> requirement of Torbutton.
|
|
292
|
|
-</p></div><div class="sect3" title="@torproject.org/torbutton-logger;1 - components/torbutton-logger.js"><div class="titlepage"><div><div><h4 class="title"><a id="id2670270"></a><a class="ulink" href="https://gitweb.torproject.org/torbutton.git/blob_plain/HEAD:/src/components/torbutton-logger.js" target="_top">@torproject.org/torbutton-logger;1
|
|
|
293
|
+</p></div><div class="sect3" title="@torproject.org/torbutton-logger;1 - components/torbutton-logger.js"><div class="titlepage"><div><div><h4 class="title"><a id="id2694914"></a><a class="ulink" href="https://gitweb.torproject.org/torbutton.git/blob_plain/HEAD:/src/components/torbutton-logger.js" target="_top">@torproject.org/torbutton-logger;1
|
|
293
|
294
|
- components/torbutton-logger.js</a></h4></div></div></div><p>The torbutton logger component allows on-the-fly redirection of torbutton
|
|
294
|
295
|
logging messages to either Firefox stderr
|
|
295
|
296
|
(<span class="command"><strong>extensions.torbutton.logmethod=0</strong></span>), the Javascript error console
|
|
...
|
...
|
@@ -328,9 +329,9 @@ Firefox session store with our own implementation, which is what was done in
|
|
328
|
329
|
years past.
|
|
329
|
330
|
|
|
330
|
331
|
</p></div><div class="sect3" title="@torproject.org/torRefSpoofer;1"><div class="titlepage"><div><div><h4 class="title"><a id="refspoofer"></a><a class="ulink" href="https://gitweb.torproject.org/torbutton.git/blob_plain/HEAD:/src/components/torRefSpoofer.js" target="_top">@torproject.org/torRefSpoofer;1</a></h4></div></div></div><p>
|
|
331
|
|
-This component handles optional referrer spoofing for Torbuton. It implements a
|
|
|
332
|
+This component handles optional referer spoofing for Torbutton. It implements a
|
|
332
|
333
|
form of "smart" referer spoofing using <a class="ulink" href="https://developer.mozilla.org/en/Setting_HTTP_request_headers" target="_top">http-on-modify-request</a>
|
|
333
|
|
-to modify the Referrer header. The code sends the default browser referrer
|
|
|
334
|
+to modify the Referer header. The code sends the default browser referer
|
|
334
|
335
|
header only if the destination domain is a suffix of the source, or if the
|
|
335
|
336
|
source is a suffix of the destination. Otherwise, it sends no referer. This
|
|
336
|
337
|
strange suffix logic is used as a heuristic: some rare sites on the web block
|
|
...
|
...
|
@@ -370,17 +371,17 @@ reason are not passed to the Firefox content policy itself (see Firefox Bugs
|
|
370
|
371
|
</p><p>
|
|
371
|
372
|
|
|
372
|
373
|
This helps to fulfill both the <a class="link" href="#setpreservation">Anonymity Set Preservation</a> and the <a class="link" href="#undiscoverability">Tor Undiscoverability</a> requirements of
|
|
373
|
|
-Torbutton.</p></div></div></div><div class="sect1" title="3. Chrome"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2636893"></a>3. Chrome</h2></div></div></div><p>The chrome is where all the torbutton graphical elements and windows are
|
|
374
|
|
-located. </p><div class="sect2" title="3.1. XUL Windows and Overlays"><div class="titlepage"><div><div><h3 class="title"><a id="id2658833"></a>3.1. XUL Windows and Overlays</h3></div></div></div><p>
|
|
|
374
|
+Torbutton.</p></div></div></div><div class="sect1" title="3. Chrome"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2661538"></a>3. Chrome</h2></div></div></div><p>The chrome is where all the torbutton graphical elements and windows are
|
|
|
375
|
+located. </p><div class="sect2" title="3.1. XUL Windows and Overlays"><div class="titlepage"><div><div><h3 class="title"><a id="id2683477"></a>3.1. XUL Windows and Overlays</h3></div></div></div><p>
|
|
375
|
376
|
Each window is described as an <a class="ulink" href="http://developer.mozilla.org/en/docs/XUL_Reference" target="_top">XML file</a>, with zero or more Javascript
|
|
376
|
377
|
files attached. The scope of these Javascript files is their containing
|
|
377
|
378
|
window. XUL files that add new elements and script to existing Firefox windows
|
|
378
|
379
|
are called overlays.</p><div class="sect3" title="Browser Overlay - torbutton.xul"><div class="titlepage"><div><div><h4 class="title"><a id="browseroverlay"></a>Browser Overlay - <a class="ulink" href="https://gitweb.torproject.org/torbutton.git/blob_plain/HEAD:/src/chrome/content/torbutton.xul" target="_top">torbutton.xul</a></h4></div></div></div><p>The browser overlay, torbutton.xul, defines the toolbar button, the status
|
|
379
|
380
|
bar, and events for toggling the button. The overlay code is in <a class="ulink" href="https://gitweb.torproject.org/torbutton.git/blob_plain/HEAD:/src/chrome/content/torbutton.js" target="_top">chrome/content/torbutton.js</a>.
|
|
380
|
381
|
It contains event handlers for preference update, shutdown, upgrade, and
|
|
381
|
|
-location change events.</p></div><div class="sect3" title="Preferences Window - preferences.xul"><div class="titlepage"><div><div><h4 class="title"><a id="id2647653"></a>Preferences Window - <a class="ulink" href="https://gitweb.torproject.org/torbutton.git/blob_plain/HEAD:/src/chrome/content/preferences.xul" target="_top">preferences.xul</a></h4></div></div></div><p>The preferences window of course lays out the Torbutton preferences, with
|
|
382
|
|
-handlers located in <a class="ulink" href="https://gitweb.torproject.org/torbutton.git/blob_plain/HEAD:/src/chrome/content/preferences.js" target="_top">chrome/content/preferences.js</a>.</p></div><div class="sect3" title="Other Windows"><div class="titlepage"><div><div><h4 class="title"><a id="id2665081"></a>Other Windows</h4></div></div></div><p>There are additional windows that describe popups for right clicking on
|
|
383
|
|
-the status bar, the toolbutton, and the about page.</p></div></div><div class="sect2" title="3.2. Major Chrome Observers"><div class="titlepage"><div><div><h3 class="title"><a id="id2655137"></a>3.2. Major Chrome Observers</h3></div></div></div><p>
|
|
|
382
|
+location change events.</p></div><div class="sect3" title="Preferences Window - preferences.xul"><div class="titlepage"><div><div><h4 class="title"><a id="id2672297"></a>Preferences Window - <a class="ulink" href="https://gitweb.torproject.org/torbutton.git/blob_plain/HEAD:/src/chrome/content/preferences.xul" target="_top">preferences.xul</a></h4></div></div></div><p>The preferences window of course lays out the Torbutton preferences, with
|
|
|
383
|
+handlers located in <a class="ulink" href="https://gitweb.torproject.org/torbutton.git/blob_plain/HEAD:/src/chrome/content/preferences.js" target="_top">chrome/content/preferences.js</a>.</p></div><div class="sect3" title="Other Windows"><div class="titlepage"><div><div><h4 class="title"><a id="id2689726"></a>Other Windows</h4></div></div></div><p>There are additional windows that describe popups for right clicking on
|
|
|
384
|
+the status bar, the toolbutton, and the about page.</p></div></div><div class="sect2" title="3.2. Major Chrome Observers"><div class="titlepage"><div><div><h3 class="title"><a id="id2679782"></a>3.2. Major Chrome Observers</h3></div></div></div><p>
|
|
384
|
385
|
In addition to the <a class="link" href="#components" title="2. Components">components described
|
|
385
|
386
|
above</a>, Torbutton also instantiates several observers in the browser
|
|
386
|
387
|
overlay window. These mostly grew due to scoping convenience, and many should
|
|
...
|
...
|
@@ -434,7 +435,7 @@ state tags, plugin permissions, and install the Javascript hooks to hook the
|
|
434
|
435
|
<a class="ulink" href="https://developer.mozilla.org/en/DOM/window.screen" target="_top">window.screen</a>
|
|
435
|
436
|
object to obfuscate browser and desktop resolution information.
|
|
436
|
437
|
|
|
437
|
|
-</p></li></ol></div></div></div><div class="sect1" title="4. Toggle Code Path"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2657565"></a>4. Toggle Code Path</h2></div></div></div><p>
|
|
|
438
|
+</p></li></ol></div></div></div><div class="sect1" title="4. Toggle Code Path"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2682210"></a>4. Toggle Code Path</h2></div></div></div><p>
|
|
438
|
439
|
|
|
439
|
440
|
The act of toggling is connected to <code class="function">torbutton_toggle()</code>
|
|
440
|
441
|
via the <a class="ulink" href="https://gitweb.torproject.org/torbutton.git/blob_plain/HEAD:/src/chrome/content/torbutton.xul" target="_top">torbutton.xul</a>
|
|
...
|
...
|
@@ -455,7 +456,7 @@ conditions and leakage, especially with <a class="ulink" href="https://bugzilla.
|
|
455
|
456
|
409737</a> unfixed. The content policy does not allow any network activity
|
|
456
|
457
|
whatsoever during this three stage transition.
|
|
457
|
458
|
|
|
458
|
|
- </p><div class="sect2" title="4.1. Button Click"><div class="titlepage"><div><div><h3 class="title"><a id="id2653926"></a>4.1. Button Click</h3></div></div></div><p>
|
|
|
459
|
+ </p><div class="sect2" title="4.1. Button Click"><div class="titlepage"><div><div><h3 class="title"><a id="id2678571"></a>4.1. Button Click</h3></div></div></div><p>
|
|
459
|
460
|
|
|
460
|
461
|
This is the first step in the toggling process. When the user clicks the
|
|
461
|
462
|
toggle button or the toolbar, <code class="function">torbutton_toggle()</code> is
|
|
...
|
...
|
@@ -468,7 +469,7 @@ observer</a>
|
|
468
|
469
|
<span class="command"><strong>torbutton_unique_pref_observer</strong></span> to perform the rest of the
|
|
469
|
470
|
toggle.
|
|
470
|
471
|
|
|
471
|
|
- </p></div><div class="sect2" title="4.2. Proxy Update"><div class="titlepage"><div><div><h3 class="title"><a id="id2652911"></a>4.2. Proxy Update</h3></div></div></div><p>
|
|
|
472
|
+ </p></div><div class="sect2" title="4.2. Proxy Update"><div class="titlepage"><div><div><h3 class="title"><a id="id2677555"></a>4.2. Proxy Update</h3></div></div></div><p>
|
|
472
|
473
|
|
|
473
|
474
|
When Torbutton receives any proxy change notifications via its
|
|
474
|
475
|
<span class="command"><strong>torbutton_unique_pref_observer</strong></span>, it calls
|
|
...
|
...
|
@@ -483,7 +484,7 @@ value. This is decoupled from the button click functionality via the pref
|
|
483
|
484
|
observer so that other addons (such as SwitchProxy) can switch the proxy
|
|
484
|
485
|
settings between multiple proxies.
|
|
485
|
486
|
|
|
486
|
|
- </p></div><div class="sect2" title="4.3. Settings Update"><div class="titlepage"><div><div><h3 class="title"><a id="id2647095"></a>4.3. Settings Update</h3></div></div></div><p>
|
|
|
487
|
+ </p></div><div class="sect2" title="4.3. Settings Update"><div class="titlepage"><div><div><h3 class="title"><a id="id2671739"></a>4.3. Settings Update</h3></div></div></div><p>
|
|
487
|
488
|
|
|
488
|
489
|
The next stage is also handled by
|
|
489
|
490
|
<code class="function">torbutton_update_status()</code>. This function sets scores of
|
|
...
|
...
|
@@ -610,10 +611,10 @@ enabled. This helps Torbutton fulfill its <a class="link" href="#disk">Disk
|
|
610
|
611
|
Avoidance</a> and <a class="link" href="#state">State Separation</a>
|
|
611
|
612
|
requirements.
|
|
612
|
613
|
|
|
613
|
|
- </p></li></ol></div></div></div><div class="sect1" title="5. Description of Options"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2659431"></a>5. Description of Options</h2></div></div></div><p>This section provides a detailed description of Torbutton's options. Each
|
|
|
614
|
+ </p></li></ol></div></div></div><div class="sect1" title="5. Description of Options"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2684076"></a>5. Description of Options</h2></div></div></div><p>This section provides a detailed description of Torbutton's options. Each
|
|
614
|
615
|
option is presented as the string from the preferences window, a summary, the
|
|
615
|
616
|
preferences it touches, and the effect this has on the components, chrome, and
|
|
616
|
|
-browser properties.</p><div class="sect2" title="5.1. Proxy Settings"><div class="titlepage"><div><div><h3 class="title"><a id="id2661813"></a>5.1. Proxy Settings</h3></div></div></div><div class="sect3" title="Test Settings"><div class="titlepage"><div><div><h4 class="title"><a id="id2663502"></a>Test Settings</h4></div></div></div><p>
|
|
|
617
|
+browser properties.</p><div class="sect2" title="5.1. Proxy Settings"><div class="titlepage"><div><div><h3 class="title"><a id="id2686457"></a>5.1. Proxy Settings</h3></div></div></div><div class="sect3" title="Test Settings"><div class="titlepage"><div><div><h4 class="title"><a id="id2688146"></a>Test Settings</h4></div></div></div><p>
|
|
617
|
618
|
This button under the Proxy Settings tab provides a way to verify that the
|
|
618
|
619
|
proxy settings are correct, and actually do route through the Tor network. It
|
|
619
|
620
|
performs this check by issuing an <a class="ulink" href="http://developer.mozilla.org/en/docs/XMLHttpRequest" target="_top">XMLHTTPRequest</a>
|
|
...
|
...
|
@@ -628,7 +629,7 @@ Presenting the results to the user is handled by the <a class="ulink" href="http
|
|
628
|
629
|
window</a>
|
|
629
|
630
|
callback <code class="function">torbutton_prefs_test_settings()</code> in <a class="ulink" href="https://gitweb.torproject.org/torbutton.git/blob_plain/HEAD:/src/chrome/content/preferences.js" target="_top">preferences.js</a>.
|
|
630
|
631
|
|
|
631
|
|
- </p></div></div><div class="sect2" title="5.2. Dynamic Content Settings"><div class="titlepage"><div><div><h3 class="title"><a id="id2660939"></a>5.2. Dynamic Content Settings</h3></div></div></div><div class="sect3" title="Disable plugins on Tor Usage (crucial)"><div class="titlepage"><div><div><h4 class="title"><a id="plugins"></a>Disable plugins on Tor Usage (crucial)</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.no_tor_plugins</strong></span></p><p>Java and plugins <a class="ulink" href="http://java.sun.com/j2se/1.5.0/docs/api/java/net/class-use/NetworkInterface.html" target="_top">can query</a> the <a class="ulink" href="http://www.rgagnon.com/javadetails/java-0095.html" target="_top">local IP
|
|
|
632
|
+ </p></div></div><div class="sect2" title="5.2. Dynamic Content Settings"><div class="titlepage"><div><div><h3 class="title"><a id="id2685583"></a>5.2. Dynamic Content Settings</h3></div></div></div><div class="sect3" title="Disable plugins on Tor Usage (crucial)"><div class="titlepage"><div><div><h4 class="title"><a id="plugins"></a>Disable plugins on Tor Usage (crucial)</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.no_tor_plugins</strong></span></p><p>Java and plugins <a class="ulink" href="http://java.sun.com/j2se/1.5.0/docs/api/java/net/class-use/NetworkInterface.html" target="_top">can query</a> the <a class="ulink" href="http://www.rgagnon.com/javadetails/java-0095.html" target="_top">local IP
|
|
632
|
633
|
address</a> and report it back to the
|
|
633
|
634
|
remote site. They can also <a class="ulink" href="http://decloak.net" target="_top">bypass proxy settings</a> and directly connect to a
|
|
634
|
635
|
remote site without Tor. Every browser plugin we have tested with Firefox has
|
|
...
|
...
|
@@ -672,7 +673,7 @@ all this and the plugin managed to find some way to load.
|
|
672
|
673
|
Since most plugins completely ignore browser proxy settings, the actions
|
|
673
|
674
|
performed by this setting are crucial to satisfying the <a class="link" href="#proxy">Proxy Obedience</a> requirement.
|
|
674
|
675
|
|
|
675
|
|
- </p></div><div class="sect3" title="Isolate Dynamic Content to Tor State (crucial)"><div class="titlepage"><div><div><h4 class="title"><a id="id2660188"></a>Isolate Dynamic Content to Tor State (crucial)</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.isolate_content</strong></span></p><p>Enabling this preference is what enables the <a class="ulink" href="https://gitweb.torproject.org/torbutton.git/blob_plain/HEAD:/src/components/cssblocker.js" target="_top">@torproject.org/cssblocker;1</a> content policy
|
|
|
676
|
+ </p></div><div class="sect3" title="Isolate Dynamic Content to Tor State (crucial)"><div class="titlepage"><div><div><h4 class="title"><a id="id2684833"></a>Isolate Dynamic Content to Tor State (crucial)</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.isolate_content</strong></span></p><p>Enabling this preference is what enables the <a class="ulink" href="https://gitweb.torproject.org/torbutton.git/blob_plain/HEAD:/src/components/cssblocker.js" target="_top">@torproject.org/cssblocker;1</a> content policy
|
|
676
|
677
|
mentioned above, and causes it to block content load attempts in pages an
|
|
677
|
678
|
opposite Tor state from the current state. Freshly loaded <a class="ulink" href="https://developer.mozilla.org/en/XUL/tabbrowser" target="_top">browser
|
|
678
|
679
|
tabs</a> are tagged
|
|
...
|
...
|
@@ -724,7 +725,7 @@ We are still looking for a workaround as of Torbutton 1.3.2.
|
|
724
|
725
|
|
|
725
|
726
|
|
|
726
|
727
|
|
|
727
|
|
-</p></div><div class="sect3" title="Resize windows to multiples of 50px during Tor usage (recommended)"><div class="titlepage"><div><div><h4 class="title"><a id="id2629024"></a>Resize windows to multiples of 50px during Tor usage (recommended)</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.resize_windows</strong></span></p><p>
|
|
|
728
|
+</p></div><div class="sect3" title="Resize windows to multiples of 50px during Tor usage (recommended)"><div class="titlepage"><div><div><h4 class="title"><a id="id2653668"></a>Resize windows to multiples of 50px during Tor usage (recommended)</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.resize_windows</strong></span></p><p>
|
|
728
|
729
|
|
|
729
|
730
|
This option drastically cuts down on the number of distinct anonymity sets
|
|
730
|
731
|
that divide the Tor web userbase. Without this setting, the dimensions for a
|
|
...
|
...
|
@@ -759,7 +760,7 @@ infer toolbar size/presence by the distance to the nearest 50 pixel roundoff).
|
|
759
|
760
|
|
|
760
|
761
|
</p><p>
|
|
761
|
762
|
This setting helps to meet the <a class="link" href="#setpreservation">Anonymity Set Preservation</a> requirements.
|
|
762
|
|
-</p></div><div class="sect3" title="Disable Search Suggestions during Tor (recommended)"><div class="titlepage"><div><div><h4 class="title"><a id="id2629109"></a>Disable Search Suggestions during Tor (recommended)</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.no_search</strong></span></p><p>
|
|
|
763
|
+</p></div><div class="sect3" title="Disable Search Suggestions during Tor (recommended)"><div class="titlepage"><div><div><h4 class="title"><a id="id2653753"></a>Disable Search Suggestions during Tor (recommended)</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.no_search</strong></span></p><p>
|
|
763
|
764
|
This setting causes Torbutton to disable <a class="ulink" href="http://kb.mozillazine.org/Browser.search.suggest.enabled" target="_top"><span class="command"><strong>browser.search.suggest.enabled</strong></span></a>
|
|
764
|
765
|
during Tor usage.
|
|
765
|
766
|
This governs if you get Google search suggestions during Tor
|
|
...
|
...
|
@@ -770,7 +771,7 @@ this is recommended to be disabled.
|
|
770
|
771
|
While this setting doesn't satisfy any Torbutton requirements, the fact that
|
|
771
|
772
|
cookies are transmitted for partially typed queries does not seem desirable
|
|
772
|
773
|
for Tor usage.
|
|
773
|
|
-</p></div><div class="sect3" title="Disable Updates During Tor"><div class="titlepage"><div><div><h4 class="title"><a id="id2629148"></a>Disable Updates During Tor</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.no_updates</strong></span></p><p>This setting causes Torbutton to disable the four <a class="ulink" href="http://wiki.mozilla.org/Update:Users/Checking_For_Updates#Preference_Controls_and_State" target="_top">Firefox
|
|
|
774
|
+</p></div><div class="sect3" title="Disable Updates During Tor"><div class="titlepage"><div><div><h4 class="title"><a id="id2653792"></a>Disable Updates During Tor</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.no_updates</strong></span></p><p>This setting causes Torbutton to disable the four <a class="ulink" href="http://wiki.mozilla.org/Update:Users/Checking_For_Updates#Preference_Controls_and_State" target="_top">Firefox
|
|
774
|
775
|
update settings</a> during Tor
|
|
775
|
776
|
usage: <span class="command"><strong>extensions.update.enabled</strong></span>,
|
|
776
|
777
|
<span class="command"><strong>app.update.enabled</strong></span>,
|
|
...
|
...
|
@@ -780,7 +781,7 @@ update settings</a> during Tor
|
|
780
|
781
|
checking for search plugin updates while Tor is enabled.
|
|
781
|
782
|
</p><p>
|
|
782
|
783
|
This setting satisfies the <a class="link" href="#updates">Update Safety</a> requirement.
|
|
783
|
|
-</p></div><div class="sect3" title="Redirect Torbutton Updates Via Tor (recommended)"><div class="titlepage"><div><div><h4 class="title"><a id="id2629209"></a>Redirect Torbutton Updates Via Tor (recommended)</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.update_torbutton_via_tor</strong></span></p><p>This setting causes Torbutton to install an
|
|
|
784
|
+</p></div><div class="sect3" title="Redirect Torbutton Updates Via Tor (recommended)"><div class="titlepage"><div><div><h4 class="title"><a id="id2653854"></a>Redirect Torbutton Updates Via Tor (recommended)</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.update_torbutton_via_tor</strong></span></p><p>This setting causes Torbutton to install an
|
|
784
|
785
|
|
|
785
|
786
|
<a class="ulink" href="https://developer.mozilla.org/en/nsIProtocolProxyFilter" target="_top">nsIProtocolProxyFilter</a>
|
|
786
|
787
|
in order to redirect all version update checks and Torbutton update downloads
|
|
...
|
...
|
@@ -789,7 +790,7 @@ concerns about data retention done by <a class="ulink" href="https://www.addons.
|
|
789
|
790
|
help censored users meet the <a class="link" href="#undiscoverability">Tor
|
|
790
|
791
|
Undiscoverability</a> requirement.
|
|
791
|
792
|
|
|
792
|
|
- </p></div><div class="sect3" title="Disable livemarks updates during Tor usage (recommended)"><div class="titlepage"><div><div><h4 class="title"><a id="id2629253"></a>Disable livemarks updates during Tor usage (recommended)</h4></div></div></div><p>Option:
|
|
|
793
|
+ </p></div><div class="sect3" title="Disable livemarks updates during Tor usage (recommended)"><div class="titlepage"><div><div><h4 class="title"><a id="id2653898"></a>Disable livemarks updates during Tor usage (recommended)</h4></div></div></div><p>Option:
|
|
793
|
794
|
</p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.disable_livemarks</strong></span></td></tr></table><p>
|
|
794
|
795
|
</p><p>
|
|
795
|
796
|
|
|
...
|
...
|
@@ -804,7 +805,7 @@ service</a> when Tor is enabled.
|
|
804
|
805
|
This helps satisfy the <a class="link" href="#isolation">Network
|
|
805
|
806
|
Isolation</a> and <a class="link" href="#setpreservation">Anonymity Set
|
|
806
|
807
|
Preservation</a> requirements.
|
|
807
|
|
-</p></div><div class="sect3" title="Block Tor/Non-Tor access to network from file:// urls (recommended)"><div class="titlepage"><div><div><h4 class="title"><a id="id2629325"></a>Block Tor/Non-Tor access to network from file:// urls (recommended)</h4></div></div></div><p>Options:
|
|
|
808
|
+</p></div><div class="sect3" title="Block Tor/Non-Tor access to network from file:// urls (recommended)"><div class="titlepage"><div><div><h4 class="title"><a id="id2653969"></a>Block Tor/Non-Tor access to network from file:// urls (recommended)</h4></div></div></div><p>Options:
|
|
808
|
809
|
</p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.block_tor_file_net</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.block_nontor_file_net</strong></span></td></tr></table><p>
|
|
809
|
810
|
</p><p>
|
|
810
|
811
|
|
|
...
|
...
|
@@ -824,7 +825,7 @@ Isolation</a> requirement, by preventing file urls from executing network
|
|
824
|
825
|
operations in opposite Tor states. Also, allowing pages to submit arbitrary
|
|
825
|
826
|
files to arbitrary sites just generally seems like a bad idea.
|
|
826
|
827
|
|
|
827
|
|
-</p></div><div class="sect3" title="Close all Tor/Non-Tor tabs and windows on toggle (optional)"><div class="titlepage"><div><div><h4 class="title"><a id="id2629397"></a>Close all Tor/Non-Tor tabs and windows on toggle (optional)</h4></div></div></div><p>Options:
|
|
|
828
|
+</p></div><div class="sect3" title="Close all Tor/Non-Tor tabs and windows on toggle (optional)"><div class="titlepage"><div><div><h4 class="title"><a id="id2654041"></a>Close all Tor/Non-Tor tabs and windows on toggle (optional)</h4></div></div></div><p>Options:
|
|
828
|
829
|
</p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.close_nontor</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.close_tor</strong></span></td></tr></table><p>
|
|
829
|
830
|
</p><p>
|
|
830
|
831
|
|
|
...
|
...
|
@@ -848,7 +849,7 @@ out longer than necessary.
|
|
848
|
849
|
While this setting doesn't satisfy any Torbutton requirements, the fact that
|
|
849
|
850
|
cookies are transmitted for partially typed queries does not seem desirable
|
|
850
|
851
|
for Tor usage.
|
|
851
|
|
-</p></div></div><div class="sect2" title="5.3. History and Forms Settings"><div class="titlepage"><div><div><h3 class="title"><a id="id2670963"></a>5.3. History and Forms Settings</h3></div></div></div><div class="sect3" title="Isolate Access to History navigation to Tor state (crucial)"><div class="titlepage"><div><div><h4 class="title"><a id="id2670968"></a>Isolate Access to History navigation to Tor state (crucial)</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.block_js_history</strong></span></p><p>
|
|
|
852
|
+</p></div></div><div class="sect2" title="5.3. History and Forms Settings"><div class="titlepage"><div><div><h3 class="title"><a id="id2695607"></a>5.3. History and Forms Settings</h3></div></div></div><div class="sect3" title="Isolate Access to History navigation to Tor state (crucial)"><div class="titlepage"><div><div><h4 class="title"><a id="id2695612"></a>Isolate Access to History navigation to Tor state (crucial)</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.block_js_history</strong></span></p><p>
|
|
852
|
853
|
This setting determines if Torbutton installs an <a class="ulink" href="http://www.oxymoronical.com/experiments/apidocs/interface/nsISHistoryListener" target="_top">nsISHistoryListener</a>
|
|
853
|
854
|
attached to the <a class="ulink" href="http://www.oxymoronical.com/experiments/apidocs/interface/nsISHistory" target="_top">sessionHistory</a> of
|
|
854
|
855
|
of each browser's <a class="ulink" href="https://developer.mozilla.org/en/XUL%3aProperty%3awebNavigation" target="_top">webNavigatator</a>.
|
|
...
|
...
|
@@ -876,7 +877,7 @@ This setting helps to fulfill Torbutton's <a class="link" href="#state">State
|
|
876
|
877
|
Separation</a> and (until Bug 409737 is fixed) <a class="link" href="#isolation">Network Isolation</a>
|
|
877
|
878
|
requirements.
|
|
878
|
879
|
|
|
879
|
|
- </p></div><div class="sect3" title="History Access Settings"><div class="titlepage"><div><div><h4 class="title"><a id="id2671045"></a>History Access Settings</h4></div></div></div><p>Options:
|
|
|
880
|
+ </p></div><div class="sect3" title="History Access Settings"><div class="titlepage"><div><div><h4 class="title"><a id="id2695690"></a>History Access Settings</h4></div></div></div><p>Options:
|
|
880
|
881
|
</p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.block_thread</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.block_nthread</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.block_thwrite</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.block_nthwrite</strong></span></td></tr></table><p>
|
|
881
|
882
|
</p><p>On Firefox 3.x, these four settings govern the behavior of the <a class="ulink" href="https://gitweb.torproject.org/torbutton.git/blob_plain/HEAD:/src/components/ignore-history.js" target="_top">components/ignore-history.js</a>
|
|
882
|
883
|
history blocker component mentioned above. By hooking the browser's view of
|
|
...
|
...
|
@@ -897,12 +898,12 @@ above prefs. We then only need to link the write prefs to
|
|
897
|
898
|
history store while set.
|
|
898
|
899
|
</p><p>
|
|
899
|
900
|
This setting helps to satisfy the <a class="link" href="#state">State Separation</a> and <a class="link" href="#disk">Disk Avoidance</a> requirements.
|
|
900
|
|
-</p></div><div class="sect3" title="Clear History During Tor Toggle (optional)"><div class="titlepage"><div><div><h4 class="title"><a id="id2671171"></a>Clear History During Tor Toggle (optional)</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.clear_history</strong></span></p><p>This setting governs if Torbutton calls
|
|
|
901
|
+</p></div><div class="sect3" title="Clear History During Tor Toggle (optional)"><div class="titlepage"><div><div><h4 class="title"><a id="id2695816"></a>Clear History During Tor Toggle (optional)</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.clear_history</strong></span></p><p>This setting governs if Torbutton calls
|
|
901
|
902
|
<a class="ulink" href="https://developer.mozilla.org/en/nsIBrowserHistory#removeAllPages.28.29" target="_top">nsIBrowserHistory.removeAllPages</a>
|
|
902
|
903
|
and <a class="ulink" href="http://www.oxymoronical.com/experiments/apidocs/interface/nsISHistory" target="_top">nsISHistory.PurgeHistory</a>
|
|
903
|
904
|
for each tab on Tor toggle.</p><p>
|
|
904
|
905
|
This setting is an optional way to help satisfy the <a class="link" href="#state">State Separation</a> requirement.
|
|
905
|
|
-</p></div><div class="sect3" title="Block Password+Form saving during Tor/Non-Tor"><div class="titlepage"><div><div><h4 class="title"><a id="id2671214"></a>Block Password+Form saving during Tor/Non-Tor</h4></div></div></div><p>Options:
|
|
|
906
|
+</p></div><div class="sect3" title="Block Password+Form saving during Tor/Non-Tor"><div class="titlepage"><div><div><h4 class="title"><a id="id2695859"></a>Block Password+Form saving during Tor/Non-Tor</h4></div></div></div><p>Options:
|
|
906
|
907
|
</p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.block_tforms</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.block_ntforms</strong></span></td></tr></table><p>
|
|
907
|
908
|
</p><p>These settings govern if Torbutton disables
|
|
908
|
909
|
<span class="command"><strong>browser.formfill.enable</strong></span>
|
|
...
|
...
|
@@ -911,19 +912,19 @@ Since form fields can be read at any time by Javascript, this setting is a lot
|
|
911
|
912
|
more important than it seems.
|
|
912
|
913
|
</p><p>
|
|
913
|
914
|
This setting helps to satisfy the <a class="link" href="#state">State Separation</a> and <a class="link" href="#disk">Disk Avoidance</a> requirements.
|
|
914
|
|
-</p></div></div><div class="sect2" title="5.4. Cache Settings"><div class="titlepage"><div><div><h3 class="title"><a id="id2671276"></a>5.4. Cache Settings</h3></div></div></div><div class="sect3" title="Block Tor disk cache and clear all cache on Tor Toggle"><div class="titlepage"><div><div><h4 class="title"><a id="id2671281"></a>Block Tor disk cache and clear all cache on Tor Toggle</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.clear_cache</strong></span>
|
|
|
915
|
+</p></div></div><div class="sect2" title="5.4. Cache Settings"><div class="titlepage"><div><div><h3 class="title"><a id="id2695921"></a>5.4. Cache Settings</h3></div></div></div><div class="sect3" title="Block Tor disk cache and clear all cache on Tor Toggle"><div class="titlepage"><div><div><h4 class="title"><a id="id2695926"></a>Block Tor disk cache and clear all cache on Tor Toggle</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.clear_cache</strong></span>
|
|
915
|
916
|
</p><p>This option causes Torbutton to call <a class="ulink" href="https://developer.mozilla.org/en/nsICacheService#evictEntries.28.29" target="_top">nsICacheService.evictEntries(0)</a>
|
|
916
|
917
|
on Tor toggle to remove all entries from the cache. In addition, this setting
|
|
917
|
918
|
causes Torbutton to set <a class="ulink" href="http://kb.mozillazine.org/Browser.cache.disk.enable" target="_top">browser.cache.disk.enable</a> to false.
|
|
918
|
919
|
</p><p>
|
|
919
|
920
|
This setting helps to satisfy the <a class="link" href="#state">State Separation</a> and <a class="link" href="#disk">Disk Avoidance</a> requirements.
|
|
920
|
|
-</p></div><div class="sect3" title="Block disk and memory cache during Tor"><div class="titlepage"><div><div><h4 class="title"><a id="id2671331"></a>Block disk and memory cache during Tor</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.block_cache</strong></span></p><p>This setting
|
|
|
921
|
+</p></div><div class="sect3" title="Block disk and memory cache during Tor"><div class="titlepage"><div><div><h4 class="title"><a id="id2695976"></a>Block disk and memory cache during Tor</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.block_cache</strong></span></p><p>This setting
|
|
921
|
922
|
causes Torbutton to set <a class="ulink" href="http://kb.mozillazine.org/Browser.cache.memory.enable" target="_top">browser.cache.memory.enable</a>,
|
|
922
|
923
|
<a class="ulink" href="http://kb.mozillazine.org/Browser.cache.disk.enable" target="_top">browser.cache.disk.enable</a> and
|
|
923
|
924
|
<a class="ulink" href="http://kb.mozillazine.org/Network.http.use-cache" target="_top">network.http.use-cache</a> to false during tor usage.
|
|
924
|
925
|
</p><p>
|
|
925
|
926
|
This setting helps to satisfy the <a class="link" href="#state">State Separation</a> and <a class="link" href="#disk">Disk Avoidance</a> requirements.
|
|
926
|
|
-</p></div></div><div class="sect2" title="5.5. Cookie and Auth Settings"><div class="titlepage"><div><div><h3 class="title"><a id="id2671385"></a>5.5. Cookie and Auth Settings</h3></div></div></div><div class="sect3" title="Clear Cookies on Tor Toggle"><div class="titlepage"><div><div><h4 class="title"><a id="id2671390"></a>Clear Cookies on Tor Toggle</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.clear_cookies</strong></span>
|
|
|
927
|
+</p></div></div><div class="sect2" title="5.5. Cookie and Auth Settings"><div class="titlepage"><div><div><h3 class="title"><a id="id2696030"></a>5.5. Cookie and Auth Settings</h3></div></div></div><div class="sect3" title="Clear Cookies on Tor Toggle"><div class="titlepage"><div><div><h4 class="title"><a id="id2696035"></a>Clear Cookies on Tor Toggle</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.clear_cookies</strong></span>
|
|
927
|
928
|
</p><p>
|
|
928
|
929
|
|
|
929
|
930
|
This setting causes Torbutton to call <a class="ulink" href="https://developer.mozilla.org/en/nsICookieManager#removeAll.28.29" target="_top">nsICookieManager.removeAll()</a> on
|
|
...
|
...
|
@@ -933,7 +934,7 @@ which prevents them from being written to disk.
|
|
933
|
934
|
|
|
934
|
935
|
</p><p>
|
|
935
|
936
|
This setting helps to satisfy the <a class="link" href="#state">State Separation</a> and <a class="link" href="#disk">Disk Avoidance</a> requirements.
|
|
936
|
|
-</p></div><div class="sect3" title="Store Non-Tor cookies in a protected jar"><div class="titlepage"><div><div><h4 class="title"><a id="id2671441"></a>Store Non-Tor cookies in a protected jar</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.cookie_jars</strong></span>
|
|
|
937
|
+</p></div><div class="sect3" title="Store Non-Tor cookies in a protected jar"><div class="titlepage"><div><div><h4 class="title"><a id="id2696086"></a>Store Non-Tor cookies in a protected jar</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.cookie_jars</strong></span>
|
|
937
|
938
|
</p><p>
|
|
938
|
939
|
|
|
939
|
940
|
This setting causes Torbutton to use <a class="ulink" href="https://gitweb.torproject.org/torbutton.git/blob_plain/HEAD:/src/components/cookie-jar-selector.js" target="_top">@torproject.org/cookie-jar-selector;2</a> to store
|
|
...
|
...
|
@@ -946,15 +947,15 @@ which prevents them from being written to disk.
|
|
946
|
947
|
|
|
947
|
948
|
</p><p>
|
|
948
|
949
|
This setting helps to satisfy the <a class="link" href="#state">State Separation</a> and <a class="link" href="#disk">Disk Avoidance</a> requirements.
|
|
949
|
|
-</p></div><div class="sect3" title="Store both Non-Tor and Tor cookies in a protected jar (dangerous)"><div class="titlepage"><div><div><h4 class="title"><a id="id2671498"></a>Store both Non-Tor and Tor cookies in a protected jar (dangerous)</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.dual_cookie_jars</strong></span>
|
|
|
950
|
+</p></div><div class="sect3" title="Store both Non-Tor and Tor cookies in a protected jar (dangerous)"><div class="titlepage"><div><div><h4 class="title"><a id="id2696143"></a>Store both Non-Tor and Tor cookies in a protected jar (dangerous)</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.dual_cookie_jars</strong></span>
|
|
950
|
951
|
</p><p>
|
|
951
|
952
|
|
|
952
|
953
|
This setting causes Torbutton to use <a class="ulink" href="https://gitweb.torproject.org/torbutton.git/blob_plain/HEAD:/src/components/cookie-jar-selector.js" target="_top">@torproject.org/cookie-jar-selector;2</a> to store
|
|
953
|
954
|
both Tor and Non-Tor cookies into protected jars.
|
|
954
|
955
|
</p><p>
|
|
955
|
956
|
This setting helps to satisfy the <a class="link" href="#state">State Separation</a> requirement.
|
|
956
|
|
-</p></div><div class="sect3" title="Manage My Own Cookies (dangerous)"><div class="titlepage"><div><div><h4 class="title"><a id="id2671540"></a>Manage My Own Cookies (dangerous)</h4></div></div></div><p>Options: None</p><p>This setting disables all Torbutton cookie handling by setting the above
|
|
957
|
|
-cookie prefs all to false.</p></div><div class="sect3" title="Disable DOM Storage during Tor usage (crucial)"><div class="titlepage"><div><div><h4 class="title"><a id="id2671556"></a>Disable DOM Storage during Tor usage (crucial)</h4></div></div></div><div class="sect3" title="Do not write Tor/Non-Tor cookies to disk"><div class="titlepage"><div><div><h4 class="title"><a id="id2671558"></a>Do not write Tor/Non-Tor cookies to disk</h4></div></div></div><p>Options:
|
|
|
957
|
+</p></div><div class="sect3" title="Manage My Own Cookies (dangerous)"><div class="titlepage"><div><div><h4 class="title"><a id="id2696185"></a>Manage My Own Cookies (dangerous)</h4></div></div></div><p>Options: None</p><p>This setting disables all Torbutton cookie handling by setting the above
|
|
|
958
|
+cookie prefs all to false.</p></div><div class="sect3" title="Disable DOM Storage during Tor usage (crucial)"><div class="titlepage"><div><div><h4 class="title"><a id="id2696201"></a>Disable DOM Storage during Tor usage (crucial)</h4></div></div></div><div class="sect3" title="Do not write Tor/Non-Tor cookies to disk"><div class="titlepage"><div><div><h4 class="title"><a id="id2696203"></a>Do not write Tor/Non-Tor cookies to disk</h4></div></div></div><p>Options:
|
|
958
|
959
|
</p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.tor_memory_jar</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.nontor_memory_jar</strong></span></td></tr></table><p>
|
|
959
|
960
|
</p><p>
|
|
960
|
961
|
These settings (contributed by arno) cause Torbutton to set <a class="ulink" href="http://kb.mozillazine.org/Network.cookie.lifetimePolicy" target="_top">network.cookie.lifetimePolicy</a>
|
|
...
|
...
|
@@ -974,13 +975,13 @@ usage to prevent
|
|
974
|
975
|
<a class="ulink" href="http://developer.mozilla.org/en/docs/DOM:Storage" target="_top">DOM Storage</a> from
|
|
975
|
976
|
being used to store persistent information across Tor states.</p><p>
|
|
976
|
977
|
This setting helps to satisfy the <a class="link" href="#state">State Separation</a> requirement.
|
|
977
|
|
-</p></div><div class="sect3" title="Clear HTTP Auth on Tor Toggle (recommended)"><div class="titlepage"><div><div><h4 class="title"><a id="id2671659"></a>Clear HTTP Auth on Tor Toggle (recommended)</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.clear_http_auth</strong></span>
|
|
|
978
|
+</p></div><div class="sect3" title="Clear HTTP Auth on Tor Toggle (recommended)"><div class="titlepage"><div><div><h4 class="title"><a id="id2696304"></a>Clear HTTP Auth on Tor Toggle (recommended)</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.clear_http_auth</strong></span>
|
|
978
|
979
|
</p><p>
|
|
979
|
980
|
This setting causes Torbutton to call <a class="ulink" href="http://www.oxymoronical.com/experiments/apidocs/interface/nsIHttpAuthManager" target="_top">nsIHttpAuthManager.clearAll()</a>
|
|
980
|
981
|
every time Tor is toggled.
|
|
981
|
982
|
</p><p>
|
|
982
|
983
|
This setting helps to satisfy the <a class="link" href="#state">State Separation</a> requirement.
|
|
983
|
|
-</p></div></div><div class="sect2" title="5.6. Startup Settings"><div class="titlepage"><div><div><h3 class="title"><a id="id2671698"></a>5.6. Startup Settings</h3></div></div></div><div class="sect3" title="On Browser Startup, set Tor state to: Tor, Non-Tor"><div class="titlepage"><div><div><h4 class="title"><a id="id2671703"></a>On Browser Startup, set Tor state to: Tor, Non-Tor</h4></div></div></div><p>Options:
|
|
|
984
|
+</p></div></div><div class="sect2" title="5.6. Startup Settings"><div class="titlepage"><div><div><h3 class="title"><a id="id2696343"></a>5.6. Startup Settings</h3></div></div></div><div class="sect3" title="On Browser Startup, set Tor state to: Tor, Non-Tor"><div class="titlepage"><div><div><h4 class="title"><a id="id2696348"></a>On Browser Startup, set Tor state to: Tor, Non-Tor</h4></div></div></div><p>Options:
|
|
984
|
985
|
<span class="command"><strong>extensions.torbutton.restore_tor</strong></span>
|
|
985
|
986
|
</p><p>This option governs what Tor state tor is loaded in to.
|
|
986
|
987
|
<code class="function">torbutton_set_initial_state()</code> covers the case where the
|
|
...
|
...
|
@@ -994,7 +995,7 @@ setting helps to satisfy the <a class="link" href="#state">State Separation</a>
|
|
994
|
995
|
requirement in the event of Firefox crashes by ensuring all cookies,
|
|
995
|
996
|
settings and saved sessions are reloaded from a fixed Tor state.
|
|
996
|
997
|
|
|
997
|
|
-</p></div><div class="sect3" title="Prevent session store from saving Non-Tor/Tor-loaded tabs"><div class="titlepage"><div><div><h4 class="title"><a id="id2671754"></a>Prevent session store from saving Non-Tor/Tor-loaded tabs</h4></div></div></div><p>Options:
|
|
|
998
|
+</p></div><div class="sect3" title="Prevent session store from saving Non-Tor/Tor-loaded tabs"><div class="titlepage"><div><div><h4 class="title"><a id="id2696399"></a>Prevent session store from saving Non-Tor/Tor-loaded tabs</h4></div></div></div><p>Options:
|
|
998
|
999
|
</p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.nonontor_sessionstore</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.notor_sessionstore</strong></span></td></tr></table><p>
|
|
999
|
1000
|
</p><p>If these options are enabled, the <a class="link" href="#tbsessionstore" title="@torproject.org/torbutton-ss-blocker;1">tbSessionStore.js</a> component uses the session
|
|
1000
|
1001
|
store listeners to filter out the appropriate tabs before writing the session
|
|
...
|
...
|
@@ -1004,7 +1005,7 @@ This setting helps to satisfy the <a class="link" href="#disk">Disk Avoidance</a
|
|
1004
|
1005
|
requirement, and also helps to satisfy the <a class="link" href="#state">State Separation</a> requirement in the event of Firefox
|
|
1005
|
1006
|
crashes.
|
|
1006
|
1007
|
|
|
1007
|
|
-</p></div></div><div class="sect2" title="5.7. Shutdown Settings"><div class="titlepage"><div><div><h3 class="title"><a id="id2671812"></a>5.7. Shutdown Settings</h3></div></div></div><div class="sect3" title="Clear cookies on Tor/Non-Tor shutdown"><div class="titlepage"><div><div><h4 class="title"><a id="id2671818"></a>Clear cookies on Tor/Non-Tor shutdown</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.shutdown_method</strong></span>
|
|
|
1008
|
+</p></div></div><div class="sect2" title="5.7. Shutdown Settings"><div class="titlepage"><div><div><h3 class="title"><a id="id2696457"></a>5.7. Shutdown Settings</h3></div></div></div><div class="sect3" title="Clear cookies on Tor/Non-Tor shutdown"><div class="titlepage"><div><div><h4 class="title"><a id="id2696463"></a>Clear cookies on Tor/Non-Tor shutdown</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.shutdown_method</strong></span>
|
|
1008
|
1009
|
</p><p> This option variable can actually take 3 values: 0, 1, and 2. 0 means no
|
|
1009
|
1010
|
cookie clearing, 1 means clear only during Tor-enabled shutdown, and 2 means
|
|
1010
|
1011
|
clear for both Tor and Non-Tor shutdown. When set to 1 or 2, Torbutton listens
|
|
...
|
...
|
@@ -1013,7 +1014,7 @@ for the <a class="ulink" href="http://developer.mozilla.org/en/docs/Observer_Not
|
|
1013
|
1014
|
to clear out all cookies and all cookie jars upon shutdown.
|
|
1014
|
1015
|
</p><p>
|
|
1015
|
1016
|
This setting helps to satisfy the <a class="link" href="#state">State Separation</a> requirement.
|
|
1016
|
|
-</p></div></div><div class="sect2" title="5.8. Header Settings"><div class="titlepage"><div><div><h3 class="title"><a id="id2671872"></a>5.8. Header Settings</h3></div></div></div><div class="sect3" title="Set user agent during Tor usage (crucial)"><div class="titlepage"><div><div><h4 class="title"><a id="id2671878"></a>Set user agent during Tor usage (crucial)</h4></div></div></div><p>Options:
|
|
|
1017
|
+</p></div></div><div class="sect2" title="5.8. Header Settings"><div class="titlepage"><div><div><h3 class="title"><a id="id2696517"></a>5.8. Header Settings</h3></div></div></div><div class="sect3" title="Set user agent during Tor usage (crucial)"><div class="titlepage"><div><div><h4 class="title"><a id="id2696523"></a>Set user agent during Tor usage (crucial)</h4></div></div></div><p>Options:
|
|
1017
|
1018
|
</p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.set_uagent</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.platform_override</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.oscpu_override</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.buildID_override</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.productsub_override</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.appname_override</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.appversion_override</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.useragent_override</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.useragent_vendor</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.useragent_vendorSub</strong></span></td></tr></table><p>
|
|
1018
|
1019
|
</p><p>On face, user agent switching appears to be straight-forward in Firefox.
|
|
1019
|
1020
|
It provides several options for controlling the browser user agent string:
|
|
...
|
...
|
@@ -1037,7 +1038,7 @@ certain resource:// files</a>. These cases are handled by Torbutton's
|
|
1037
|
1038
|
|
|
1038
|
1039
|
</p><p>
|
|
1039
|
1040
|
This setting helps to satisfy the <a class="link" href="#setpreservation">Anonymity Set Preservation</a> requirement.
|
|
1040
|
|
-</p></div><div class="sect3" title="Spoof US English Browser"><div class="titlepage"><div><div><h4 class="title"><a id="id2672052"></a>Spoof US English Browser</h4></div></div></div><p>Options:
|
|
|
1041
|
+</p></div><div class="sect3" title="Spoof US English Browser"><div class="titlepage"><div><div><h4 class="title"><a id="id2696697"></a>Spoof US English Browser</h4></div></div></div><p>Options:
|
|
1041
|
1042
|
</p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.spoof_english</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.spoof_charset</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.spoof_language</strong></span></td></tr></table><p>
|
|
1042
|
1043
|
</p><p> This option causes Torbutton to set
|
|
1043
|
1044
|
<span class="command"><strong>general.useragent.locale</strong></span>
|
|
...
|
...
|
@@ -1048,7 +1049,7 @@ This setting helps to satisfy the <a class="link" href="#setpreservation">Anonym
|
|
1048
|
1049
|
well as hooking <span class="command"><strong>navigator.language</strong></span> via its <a class="link" href="#jshooks" title="Hook Dangerous Javascript">javascript hooks</a>.
|
|
1049
|
1050
|
</p><p>
|
|
1050
|
1051
|
This setting helps to satisfy the <a class="link" href="#setpreservation">Anonymity Set Preservation</a> and <a class="link" href="#location">Location Neutrality</a> requirements.
|
|
1051
|
|
-</p></div><div class="sect3" title="Referer Spoofing Options"><div class="titlepage"><div><div><h4 class="title"><a id="id2672145"></a>Referer Spoofing Options</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.refererspoof</strong></span>
|
|
|
1052
|
+</p></div><div class="sect3" title="Referer Spoofing Options"><div class="titlepage"><div><div><h4 class="title"><a id="id2696790"></a>Referer Spoofing Options</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.refererspoof</strong></span>
|
|
1052
|
1053
|
</p><p>
|
|
1053
|
1054
|
This option variable has three values. If it is 0, "smart" referer spoofing is
|
|
1054
|
1055
|
enabled. If it is 1, the referer behaves as normal. If it is 2, no referer is
|
|
...
|
...
|
@@ -1057,8 +1058,8 @@ sent. The default value is 1. The smart referer spoofing is implemented by the
|
|
1057
|
1058
|
|
|
1058
|
1059
|
</p><p>
|
|
1059
|
1060
|
This setting also does not directly satisfy any Torbutton requirement, but
|
|
1060
|
|
-some may desire to mask their referrer for general privacy concerns.
|
|
1061
|
|
-</p></div><div class="sect3" title="Strip platform and language off of Google Search Box queries"><div class="titlepage"><div><div><h4 class="title"><a id="id2672179"></a>Strip platform and language off of Google Search Box queries</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.fix_google_srch</strong></span>
|
|
|
1061
|
+some may desire to mask their referer for general privacy concerns.
|
|
|
1062
|
+</p></div><div class="sect3" title="Strip platform and language off of Google Search Box queries"><div class="titlepage"><div><div><h4 class="title"><a id="id2696824"></a>Strip platform and language off of Google Search Box queries</h4></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.fix_google_srch</strong></span>
|
|
1062
|
1063
|
</p><p>
|
|
1063
|
1064
|
|
|
1064
|
1065
|
This option causes Torbutton to use the <a class="ulink" href="https://wiki.mozilla.org/Search_Service:API" target="_top">@mozilla.org/browser/search-service;1</a>
|
|
...
|
...
|
@@ -1068,7 +1069,7 @@ platform information. This setting strips off that info while Tor is enabled.
|
|
1068
|
1069
|
|
|
1069
|
1070
|
</p><p>
|
|
1070
|
1071
|
This setting helps Torbutton to fulfill its <a class="link" href="#setpreservation">Anonymity Set Preservation</a> requirement.
|
|
1071
|
|
-</p></div><div class="sect3" title="Automatically use an alternate search engine when presented with a Google Captcha"><div class="titlepage"><div><div><h4 class="title"><a id="id2672220"></a>Automatically use an alternate search engine when presented with a
|
|
|
1072
|
+</p></div><div class="sect3" title="Automatically use an alternate search engine when presented with a Google Captcha"><div class="titlepage"><div><div><h4 class="title"><a id="id2696865"></a>Automatically use an alternate search engine when presented with a
|
|
1072
|
1073
|
Google Captcha</h4></div></div></div><p>Options:
|
|
1073
|
1074
|
</p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.asked_google_captcha</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.dodge_google_captcha</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.google_redir_url</strong></span></td></tr></table><p>
|
|
1074
|
1075
|
</p><p>
|
|
...
|
...
|
@@ -1093,7 +1094,7 @@ options are duckduckgo.com, ixquick.com, bing.com, yahoo.com and scroogle.org. T
|
|
1093
|
1094
|
encoded in the preferences
|
|
1094
|
1095
|
<span class="command"><strong>extensions.torbutton.redir_url.[1-5]</strong></span>.
|
|
1095
|
1096
|
|
|
1096
|
|
-</p></div><div class="sect3" title="Store SSL/CA Certs in separate jars for Tor/Non-Tor (recommended)"><div class="titlepage"><div><div><h4 class="title"><a id="id2672300"></a>Store SSL/CA Certs in separate jars for Tor/Non-Tor (recommended)</h4></div></div></div><p>Options:
|
|
|
1097
|
+</p></div><div class="sect3" title="Store SSL/CA Certs in separate jars for Tor/Non-Tor (recommended)"><div class="titlepage"><div><div><h4 class="title"><a id="id2696945"></a>Store SSL/CA Certs in separate jars for Tor/Non-Tor (recommended)</h4></div></div></div><p>Options:
|
|
1097
|
1098
|
</p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.jar_certs</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.jar_ca_certs</strong></span></td></tr></table><p>
|
|
1098
|
1099
|
</p><p>
|
|
1099
|
1100
|
|
|
...
|
...
|
@@ -1135,14 +1136,6 @@ also be used to <a class="ulink" href="http://pseudo-flaw.net/tor/torbutton/fing
|
|
1135
|
1136
|
Firefox down the to the minor version</a>. Note that his test has not been
|
|
1136
|
1137
|
updated since 3.5.3, hence it reports 3.5.3 for more recent Firefoxes. This
|
|
1137
|
1138
|
bug interferes with Torbutton's ability to satisfy its <a class="link" href="#setpreservation">Anonymity Set Preservation</a> requirement.
|
|
1138
|
|
- </p></li><li class="listitem"><a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=280661" target="_top">Bug 280661 - SOCKS proxy server
|
|
1139
|
|
-connection timeout hard-coded</a><p>
|
|
1140
|
|
-
|
|
1141
|
|
-This bug prevents us from using the Firefox SOCKS layer directly, and
|
|
1142
|
|
-currently requires us to ship an auxiliary HTTP proxy called <a class="ulink" href="http://www.pps.jussieu.fr/~jch/software/polipo/" target="_top">Polipo</a>. If this
|
|
1143
|
|
-patch were landed, we would no longer need to ship Polipo, which has a number
|
|
1144
|
|
-of privacy and security issues of its own (in addition to being unmaintained).
|
|
1145
|
|
-
|
|
1146
|
1139
|
</p></li><li class="listitem"><a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=418986" target="_top">Bug 418986 - window.screen
|
|
1147
|
1140
|
provides a large amount of identifiable information</a><p>
|
|
1148
|
1141
|
|
|
...
|
...
|
@@ -1202,7 +1195,7 @@ precision timer can still be used to fingerprint aspects of a browser's
|
|
1202
|
1195
|
javascript engine and processor, and apparently also a user's typing cadence.
|
|
1203
|
1196
|
This bug hinders Torbutton's ability to satisfy its <a class="link" href="#setpreservation">Anonymity Set Preservation</a> requirement.
|
|
1204
|
1197
|
|
|
1205
|
|
- </p></li><li class="listitem"><a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=122752" target="_top">SOCKS
|
|
|
1198
|
+ </p></li><li class="listitem"><a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=122752" target="_top">Bug 122752 - SOCKS
|
|
1206
|
1199
|
Username/Password Support</a><p>
|
|
1207
|
1200
|
We need <a class="ulink" href="https://developer.mozilla.org/en/nsIProxyInfo" target="_top">Firefox
|
|
1208
|
1201
|
APIs</a> or about:config settings to control the SOCKS Username and
|
|
...
|
...
|
@@ -1238,14 +1231,7 @@ requirement on Firefox 3.
|
|
1238
|
1231
|
|
|
1239
|
1232
|
</p></li></ol></div></div><div class="sect2" title="6.2. Bugs blocking functionality"><div class="titlepage"><div><div><h3 class="title"><a id="FirefoxWishlist"></a>6.2. Bugs blocking functionality</h3></div></div></div><p>
|
|
1240
|
1233
|
The following bugs impact Torbutton and similar extensions' functionality.
|
|
1241
|
|
- </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=445696" target="_top">Bug 445696 -
|
|
1242
|
|
-Extensions cannot determine if Firefox is full screen</a><p>
|
|
1243
|
|
-
|
|
1244
|
|
-The windowState property of <a class="ulink" href="https://developer.mozilla.org/en/XUL/window" target="_top">ChromeWindows</a> does not accurately reflect the true
|
|
1245
|
|
-state of the window in some cases on Linux. This causes Torbutton to attempt
|
|
1246
|
|
-to resize maximized and minimized windows when it should not.
|
|
1247
|
|
-
|
|
1248
|
|
- </p></li><li class="listitem"><a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=629820" target="_top">nsIContentPolicy::shouldLoad not
|
|
|
1234
|
+ </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=629820" target="_top">Bug 629820 - nsIContentPolicy::shouldLoad not
|
|
1249
|
1235
|
called for web request in Firefox Mobile</a><p>
|
|
1250
|
1236
|
|
|
1251
|
1237
|
The new <a class="ulink" href="https://wiki.mozilla.org/Mobile/Fennec/Extensions/Electrolysis" target="_top">Electrolysis</a>
|
|
...
|
...
|
@@ -1256,16 +1242,6 @@ HTTPS-Everywhere to Firefox Mobile. It probably also has similar issues with
|
|
1256
|
1242
|
wrapping existing <a class="link" href="#hookedxpcom" title="2.1. Hooked Components">Firefox XPCOM components</a>,
|
|
1257
|
1243
|
which will also cause more problems for porting Torbutton.
|
|
1258
|
1244
|
|
|
1259
|
|
- </p></li><li class="listitem"><a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=290456" target="_top">Bug 290456 -
|
|
1260
|
|
-Block/clear Flash MX "cookies" as well</a><p>
|
|
1261
|
|
-
|
|
1262
|
|
-Today, it is possible to allow plugins if you have a transparent proxy such as
|
|
1263
|
|
-<a class="ulink" href="http://anonymityanywhere.com/incognito/" target="_top">Incognito</a> to prevent proxy bypass. However, flash cookies can still be used to
|
|
1264
|
|
-link your Tor and Non-Tor activity, and this reveal your IP to an adversary
|
|
1265
|
|
-that does so. This can be solved by manually removing your flash cookies (like
|
|
1266
|
|
-<a class="ulink" href="https://addons.mozilla.org/en-US/firefox/addon/6623" target="_top">BetterPrivacy</a> does), but
|
|
1267
|
|
-it would be nice if there was a standard way to do this from a Firefox API.
|
|
1268
|
|
-
|
|
1269
|
1245
|
</p></li><li class="listitem"><a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=417869" target="_top">Bug 417869 -
|
|
1270
|
1246
|
Browser context is difficult to obtain from many XPCOM callbacks</a><p>
|
|
1271
|
1247
|
|
|
...
|
...
|
@@ -1279,17 +1255,7 @@ FoxyProxy) difficult to impossible to implement securely.
|
|
1279
|
1255
|
The following bugs have an effect upon Torbutton, but are superseded by more
|
|
1280
|
1256
|
practical and more easily fixable variant bugs above; or have stable, simple
|
|
1281
|
1257
|
workarounds.
|
|
1282
|
|
- </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=435151" target="_top">Bug 435151 - XPCSafeJSObjectWrapper breaks evalInSandbox</a><p>
|
|
1283
|
|
-
|
|
1284
|
|
-Under Firefox 3, the XPCSafeJSObjectWrapper breaks when you try to use
|
|
1285
|
|
-constructors of classes defined from within the scope of the sandbox, among
|
|
1286
|
|
-other things. This prevents Torbutton from applying the Timezone hooks under
|
|
1287
|
|
-Firefox 3, but a better solution for Torbutton's specific date hooking needs
|
|
1288
|
|
-would be a fix for the above mentioned Bug 392274. Of course, many more
|
|
1289
|
|
-extensions may be interested in the sandbox hooking functionality working
|
|
1290
|
|
-properly though.
|
|
1291
|
|
-
|
|
1292
|
|
- </p></li><li class="listitem"><a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=440892" target="_top">Bug 440892 -
|
|
|
1258
|
+ </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem"><a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=440892" target="_top">Bug 440892 -
|
|
1293
|
1259
|
network.protocol-handler.warn-external are ignored</a><p>
|
|
1294
|
1260
|
|
|
1295
|
1261
|
Sometime in the Firefox 3 development cycle, the preferences that governed
|
|
...
|
...
|
@@ -1464,13 +1430,13 @@ or complete, but it is automated and could be turned into something useful
|
|
1464
|
1430
|
with a bit of work.
|
|
1465
|
1431
|
|
|
1466
|
1432
|
</p></li></ol></div><p>
|
|
1467
|
|
- </p></div><div class="sect2" title="7.2. Multi-state testing"><div class="titlepage"><div><div><h3 class="title"><a id="id2673409"></a>7.2. Multi-state testing</h3></div></div></div><p>
|
|
|
1433
|
+ </p></div><div class="sect2" title="7.2. Multi-state testing"><div class="titlepage"><div><div><h3 class="title"><a id="id2698010"></a>7.2. Multi-state testing</h3></div></div></div><p>
|
|
1468
|
1434
|
|
|
1469
|
1435
|
The tests in this section are geared towards a page that would instruct the
|
|
1470
|
1436
|
user to toggle their Tor state after the fetch and perform some operations:
|
|
1471
|
1437
|
mouseovers, stray clicks, and potentially reloads.
|
|
1472
|
1438
|
|
|
1473
|
|
- </p><div class="sect3" title="Cookies and Cache Correlation"><div class="titlepage"><div><div><h4 class="title"><a id="id2673421"></a>Cookies and Cache Correlation</h4></div></div></div><p>
|
|
|
1439
|
+ </p><div class="sect3" title="Cookies and Cache Correlation"><div class="titlepage"><div><div><h4 class="title"><a id="id2698022"></a>Cookies and Cache Correlation</h4></div></div></div><p>
|
|
1474
|
1440
|
The most obvious test is to set a cookie, ask the user to toggle tor, and then
|
|
1475
|
1441
|
have them reload the page. The cookie should no longer be set if they are
|
|
1476
|
1442
|
using the default Torbutton settings. In addition, it is possible to leverage
|
|
...
|
...
|
@@ -1478,11 +1444,11 @@ the cache to <a class="ulink" href="http://crypto.stanford.edu/sameorigin/safeca
|
|
1478
|
1444
|
identifiers</a>. The default settings of Torbutton should also protect
|
|
1479
|
1445
|
against these from persisting across Tor Toggle.
|
|
1480
|
1446
|
|
|
1481
|
|
- </p></div><div class="sect3" title="Javascript timers and event handlers"><div class="titlepage"><div><div><h4 class="title"><a id="id2673444"></a>Javascript timers and event handlers</h4></div></div></div><p>
|
|
|
1447
|
+ </p></div><div class="sect3" title="Javascript timers and event handlers"><div class="titlepage"><div><div><h4 class="title"><a id="id2698045"></a>Javascript timers and event handlers</h4></div></div></div><p>
|
|
1482
|
1448
|
|
|
1483
|
1449
|
Javascript can set timers and register event handlers in the hopes of fetching
|
|
1484
|
1450
|
URLs after the user has toggled Torbutton.
|
|
1485
|
|
- </p></div><div class="sect3" title="CSS Popups and non-script Dynamic Content"><div class="titlepage"><div><div><h4 class="title"><a id="id2673456"></a>CSS Popups and non-script Dynamic Content</h4></div></div></div><p>
|
|
|
1451
|
+ </p></div><div class="sect3" title="CSS Popups and non-script Dynamic Content"><div class="titlepage"><div><div><h4 class="title"><a id="id2698058"></a>CSS Popups and non-script Dynamic Content</h4></div></div></div><p>
|
|
1486
|
1452
|
|
|
1487
|
1453
|
Even if Javascript is disabled, CSS is still able to
|
|
1488
|
1454
|
<a class="ulink" href="http://www.tjkdesign.com/articles/css%20pop%20ups/" target="_top">create popup-like
|
|
...
|
...
|
@@ -1507,7 +1473,7 @@ these attacks, playing with them, and reporting what you find (and potentially
|
|
1507
|
1473
|
submitting the test cases back to be run in the standard batch of Torbutton
|
|
1508
|
1474
|
tests.
|
|
1509
|
1475
|
|
|
1510
|
|
- </p><div class="sect3" title="Some suggested vectors to investigate"><div class="titlepage"><div><div><h4 class="title"><a id="id2673511"></a>Some suggested vectors to investigate</h4></div></div></div><p>
|
|
|
1476
|
+ </p><div class="sect3" title="Some suggested vectors to investigate"><div class="titlepage"><div><div><h4 class="title"><a id="id2698112"></a>Some suggested vectors to investigate</h4></div></div></div><p>
|
|
1511
|
1477
|
</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">Strange ways to register Javascript <a class="ulink" href="http://en.wikipedia.org/wiki/DOM_Events" target="_top">events</a> and <a class="ulink" href="http://www.devshed.com/c/a/JavaScript/Using-Timers-in-JavaScript/" target="_top">timeouts</a> should
|
|
1512
|
1478
|
be verified to actually be ineffective after Tor has been toggled.</li><li class="listitem">Other ways to cause Javascript to be executed after
|
|
1513
|
1479
|
<span class="command"><strong>javascript.enabled</strong></span> has been toggled off.</li><li class="listitem">Odd ways to attempt to load plugins. Kyle Williams has had
|
|
1514
|
1480
|
|
