Update design html.
Mike Perry

Mike Perry commited on 2011-03-26 01:17:53
Zeige 1 geänderte Dateien mit 71 Einfügungen und 54 Löschungen.

... ...
@@ -1,7 +1,7 @@
1 1
 <?xml version="1.0" encoding="UTF-8"?>
2 2
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Torbutton Design Documentation</title><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article" title="Torbutton Design Documentation"><div class="titlepage"><div><div><h2 class="title"><a id="design"></a>Torbutton Design Documentation</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Mike</span> <span class="surname">Perry</span></h3><div class="affiliation"><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:mikeperry.fscked/org">mikeperry.fscked/org</a>&gt;</code></p></div></div></div></div><div><p class="pubdate">Mar 25 2011</p></div></div><hr /></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2647809">1. Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="#adversary">1.1. Adversary Model</a></span></dt><dt><span class="sect2"><a href="#requirements">1.2. Torbutton Requirements</a></span></dt><dt><span class="sect2"><a href="#layout">1.3. Extension Layout</a></span></dt></dl></dd><dt><span class="sect1"><a href="#id2662790">2. Components</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2680078">2.1. Hooked Components</a></span></dt><dt><span class="sect2"><a href="#id2682465">2.2. New Components</a></span></dt></dl></dd><dt><span class="sect1"><a href="#id2684278">3. Chrome</a></span></dt><dd><dl><dt><span class="sect2"><a href="#browseroverlay">3.1. Browser Overlay - torbutton.xul</a></span></dt><dt><span class="sect2"><a href="#id2666921">3.2. Preferences Window - preferences.xul</a></span></dt><dt><span class="sect2"><a href="#id2659528">3.3. Other Windows</a></span></dt></dl></dd><dt><span class="sect1"><a href="#id2650612">4. Toggle Code Path</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2681148">4.1. Button Click</a></span></dt><dt><span class="sect2"><a href="#id2683321">4.2. Proxy Update</a></span></dt><dt><span class="sect2"><a href="#id2662007">4.3. Settings Update</a></span></dt></dl></dd><dt><span class="sect1"><a href="#id2679416">5. Description of Options</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2674592">5.1. Test Settings</a></span></dt><dt><span class="sect2"><a href="#plugins">5.2. Disable plugins on Tor Usage (crucial)</a></span></dt><dt><span class="sect2"><a href="#id2658766">5.3. Isolate Dynamic Content to Tor State (crucial)</a></span></dt><dt><span class="sect2"><a href="#jshooks">5.4. Hook Dangerous Javascript</a></span></dt><dt><span class="sect2"><a href="#id2668126">5.5. Resize windows to multiples of 50px during Tor usage (recommended)</a></span></dt><dt><span class="sect2"><a href="#id2660426">5.6. Disable Updates During Tor</a></span></dt><dt><span class="sect2"><a href="#id2644084">5.7. Redirect Torbutton Updates Via Tor (recommended)</a></span></dt><dt><span class="sect2"><a href="#id2644128">5.8. Disable Search Suggestions during Tor (recommended)</a></span></dt><dt><span class="sect2"><a href="#id2644167">5.9. Disable livemarks updates during Tor usage (recommended)</a></span></dt><dt><span class="sect2"><a href="#id2644238">5.10. Block Tor/Non-Tor access to network from file:// urls (recommended)</a></span></dt><dt><span class="sect2"><a href="#id2644310">5.11. Close all Tor/Non-Tor tabs and windows on toggle (optional)</a></span></dt><dt><span class="sect2"><a href="#id2644391">5.12. Isolate Access to History navigation to Tor state (crucial)</a></span></dt><dt><span class="sect2"><a href="#id2644476">5.13. History Access Settings</a></span></dt><dt><span class="sect2"><a href="#id2644588">5.14. Clear History During Tor Toggle (optional)</a></span></dt><dt><span class="sect2"><a href="#id2686134">5.15. Block Password+Form saving during Tor/Non-Tor</a></span></dt><dt><span class="sect2"><a href="#id2686195">5.16. Block Tor disk cache and clear all cache on Tor Toggle</a></span></dt><dt><span class="sect2"><a href="#id2686245">5.17. Block disk and memory cache during Tor</a></span></dt><dt><span class="sect2"><a href="#id2686298">5.18. Clear Cookies on Tor Toggle</a></span></dt><dt><span class="sect2"><a href="#id2686349">5.19. Store Non-Tor cookies in a protected jar</a></span></dt><dt><span class="sect2"><a href="#id2686405">5.20. Store both Non-Tor and Tor cookies in a protected jar (dangerous)</a></span></dt><dt><span class="sect2"><a href="#id2686444">5.21. Manage My Own Cookies (dangerous)</a></span></dt><dt><span class="sect2"><a href="#id2686459">5.22. Disable DOM Storage during Tor usage (crucial)</a></span></dt><dt><span class="sect2"><a href="#id2686563">5.23. Clear HTTP Auth on Tor Toggle (recommended)</a></span></dt><dt><span class="sect2"><a href="#id2686600">5.24. Clear cookies on Tor/Non-Tor shutdown</a></span></dt><dt><span class="sect2"><a href="#id2686655">5.25. Reload cookie jar/clear cookies on Firefox crash</a></span></dt><dt><span class="sect2"><a href="#id2686731">5.26. On crash recovery or session restored startup, restore via: Tor, Non-Tor</a></span></dt><dt><span class="sect2"><a href="#id2686802">5.27. On normal startup, set state to: Tor, Non-Tor, Shutdown State</a></span></dt><dt><span class="sect2"><a href="#id2686861">5.28. Prevent session store from saving Non-Tor/Tor-loaded tabs</a></span></dt><dt><span class="sect2"><a href="#id2686926">5.29. Set user agent during Tor usage (crucial)</a></span></dt><dt><span class="sect2"><a href="#id2687100">5.30. Spoof US English Browser</a></span></dt><dt><span class="sect2"><a href="#id2687193">5.31. Don't send referrer during Tor Usage</a></span></dt><dt><span class="sect2"><a href="#id2687234">5.32. Strip platform and language off of Google Search Box queries</a></span></dt><dt><span class="sect2"><a href="#id2687274">5.33. Automatically use an alternate search engine when presented with a
4
-Google Captcha</a></span></dt><dt><span class="sect2"><a href="#id2687355">5.34. Store SSL/CA Certs in separate jars for Tor/Non-Tor (recommended)</a></span></dt></dl></dd><dt><span class="sect1"><a href="#FirefoxBugs">6. Relevant Firefox Bugs</a></span></dt><dd><dl><dt><span class="sect2"><a href="#FirefoxSecurity">6.1. Bugs impacting security</a></span></dt><dt><span class="sect2"><a href="#FirefoxWishlist">6.2. Bugs blocking functionality</a></span></dt><dt><span class="sect2"><a href="#FirefoxMiscBugs">6.3. Low Priority Bugs</a></span></dt></dl></dd><dt><span class="sect1"><a href="#TestPlan">7. Testing</a></span></dt><dd><dl><dt><span class="sect2"><a href="#SingleStateTesting">7.1. Single state testing</a></span></dt><dt><span class="sect2"><a href="#id2688437">7.2. Multi-state testing</a></span></dt><dt><span class="sect2"><a href="#HackTorbutton">7.3. Active testing (aka How to Hack Torbutton)</a></span></dt></dl></dd></dl></div><div class="sect1" title="1. Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2647809"></a>1. Introduction</h2></div></div></div><p>
3
+<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Torbutton Design Documentation</title><meta name="generator" content="DocBook XSL Stylesheets V1.75.2" /></head><body><div class="article" title="Torbutton Design Documentation"><div class="titlepage"><div><div><h2 class="title"><a id="design"></a>Torbutton Design Documentation</h2></div><div><div class="author"><h3 class="author"><span class="firstname">Mike</span> <span class="surname">Perry</span></h3><div class="affiliation"><div class="address"><p><code class="email">&lt;<a class="email" href="mailto:mikeperry.fscked/org">mikeperry.fscked/org</a>&gt;</code></p></div></div></div></div><div><p class="pubdate">Mar 25 2011</p></div></div><hr /></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="#id2940331">1. Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="#adversary">1.1. Adversary Model</a></span></dt><dt><span class="sect2"><a href="#requirements">1.2. Torbutton Requirements</a></span></dt><dt><span class="sect2"><a href="#layout">1.3. Extension Layout</a></span></dt></dl></dd><dt><span class="sect1"><a href="#id2955313">2. Components</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2972601">2.1. Hooked Components</a></span></dt><dt><span class="sect2"><a href="#id2974988">2.2. New Components</a></span></dt></dl></dd><dt><span class="sect1"><a href="#id2976801">3. Chrome</a></span></dt><dd><dl><dt><span class="sect2"><a href="#browseroverlay">3.1. Browser Overlay - torbutton.xul</a></span></dt><dt><span class="sect2"><a href="#id2959444">3.2. Preferences Window - preferences.xul</a></span></dt><dt><span class="sect2"><a href="#id2952051">3.3. Other Windows</a></span></dt></dl></dd><dt><span class="sect1"><a href="#id2943135">4. Toggle Code Path</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2973670">4.1. Button Click</a></span></dt><dt><span class="sect2"><a href="#id2975844">4.2. Proxy Update</a></span></dt><dt><span class="sect2"><a href="#id2954530">4.3. Settings Update</a></span></dt></dl></dd><dt><span class="sect1"><a href="#id2971938">5. Description of Options</a></span></dt><dd><dl><dt><span class="sect2"><a href="#id2967115">5.1. Test Settings</a></span></dt><dt><span class="sect2"><a href="#plugins">5.2. Disable plugins on Tor Usage (crucial)</a></span></dt><dt><span class="sect2"><a href="#id2951289">5.3. Isolate Dynamic Content to Tor State (crucial)</a></span></dt><dt><span class="sect2"><a href="#jshooks">5.4. Hook Dangerous Javascript</a></span></dt><dt><span class="sect2"><a href="#id2960649">5.5. Resize windows to multiples of 50px during Tor usage (recommended)</a></span></dt><dt><span class="sect2"><a href="#id2952949">5.6. Disable Updates During Tor</a></span></dt><dt><span class="sect2"><a href="#id2936606">5.7. Redirect Torbutton Updates Via Tor (recommended)</a></span></dt><dt><span class="sect2"><a href="#id2936650">5.8. Disable Search Suggestions during Tor (recommended)</a></span></dt><dt><span class="sect2"><a href="#id2936689">5.9. Disable livemarks updates during Tor usage (recommended)</a></span></dt><dt><span class="sect2"><a href="#id2936761">5.10. Block Tor/Non-Tor access to network from file:// urls (recommended)</a></span></dt><dt><span class="sect2"><a href="#id2936833">5.11. Close all Tor/Non-Tor tabs and windows on toggle (optional)</a></span></dt><dt><span class="sect2"><a href="#id2936914">5.12. Isolate Access to History navigation to Tor state (crucial)</a></span></dt><dt><span class="sect2"><a href="#id2936998">5.13. History Access Settings</a></span></dt><dt><span class="sect2"><a href="#id2937111">5.14. Clear History During Tor Toggle (optional)</a></span></dt><dt><span class="sect2"><a href="#id2978657">5.15. Block Password+Form saving during Tor/Non-Tor</a></span></dt><dt><span class="sect2"><a href="#id2978718">5.16. Block Tor disk cache and clear all cache on Tor Toggle</a></span></dt><dt><span class="sect2"><a href="#id2978768">5.17. Block disk and memory cache during Tor</a></span></dt><dt><span class="sect2"><a href="#id2978820">5.18. Clear Cookies on Tor Toggle</a></span></dt><dt><span class="sect2"><a href="#id2978871">5.19. Store Non-Tor cookies in a protected jar</a></span></dt><dt><span class="sect2"><a href="#id2978928">5.20. Store both Non-Tor and Tor cookies in a protected jar (dangerous)</a></span></dt><dt><span class="sect2"><a href="#id2978967">5.21. Manage My Own Cookies (dangerous)</a></span></dt><dt><span class="sect2"><a href="#id2978982">5.22. Disable DOM Storage during Tor usage (crucial)</a></span></dt><dt><span class="sect2"><a href="#id2979086">5.23. Clear HTTP Auth on Tor Toggle (recommended)</a></span></dt><dt><span class="sect2"><a href="#id2979123">5.24. Clear cookies on Tor/Non-Tor shutdown</a></span></dt><dt><span class="sect2"><a href="#id2979178">5.25. Reload cookie jar/clear cookies on Firefox crash</a></span></dt><dt><span class="sect2"><a href="#id2979253">5.26. On crash recovery or session restored startup, restore via: Tor, Non-Tor</a></span></dt><dt><span class="sect2"><a href="#id2979325">5.27. On normal startup, set state to: Tor, Non-Tor, Shutdown State</a></span></dt><dt><span class="sect2"><a href="#id2979384">5.28. Prevent session store from saving Non-Tor/Tor-loaded tabs</a></span></dt><dt><span class="sect2"><a href="#id2979449">5.29. Set user agent during Tor usage (crucial)</a></span></dt><dt><span class="sect2"><a href="#id2979623">5.30. Spoof US English Browser</a></span></dt><dt><span class="sect2"><a href="#id2979716">5.31. Don't send referrer during Tor Usage</a></span></dt><dt><span class="sect2"><a href="#id2979756">5.32. Strip platform and language off of Google Search Box queries</a></span></dt><dt><span class="sect2"><a href="#id2979797">5.33. Automatically use an alternate search engine when presented with a
4
+Google Captcha</a></span></dt><dt><span class="sect2"><a href="#id2979878">5.34. Store SSL/CA Certs in separate jars for Tor/Non-Tor (recommended)</a></span></dt></dl></dd><dt><span class="sect1"><a href="#FirefoxBugs">6. Relevant Firefox Bugs</a></span></dt><dd><dl><dt><span class="sect2"><a href="#FirefoxSecurity">6.1. Bugs impacting security</a></span></dt><dt><span class="sect2"><a href="#FirefoxWishlist">6.2. Bugs blocking functionality</a></span></dt><dt><span class="sect2"><a href="#FirefoxMiscBugs">6.3. Low Priority Bugs</a></span></dt></dl></dd><dt><span class="sect1"><a href="#TestPlan">7. Testing</a></span></dt><dd><dl><dt><span class="sect2"><a href="#SingleStateTesting">7.1. Single state testing</a></span></dt><dt><span class="sect2"><a href="#id2980994">7.2. Multi-state testing</a></span></dt><dt><span class="sect2"><a href="#HackTorbutton">7.3. Active testing (aka How to Hack Torbutton)</a></span></dt></dl></dd></dl></div><div class="sect1" title="1. Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2940331"></a>1. Introduction</h2></div></div></div><p>
5 5
 
6 6
 This document describes the goals, operation, and testing procedures of the
7 7
 Torbutton Firefox extension. It is current as of Torbutton 1.2.5.
... ...
@@ -232,13 +232,13 @@ obsolete and deprecated interfaces and has proved to be less than
232 232
 stable.</p><p>'Chrome' is a combination of XML and Javascript used to describe a window.
233 233
 Extensions are allowed to create 'overlays' that are 'bound' to existing XML
234 234
 window definitions, or they can create their own windows. The DTD for this XML
235
-is called <a class="ulink" href="http://developer.mozilla.org/en/docs/XUL_Reference" target="_top">XUL</a>.</p></div></div><div class="sect1" title="2. Components"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2662790"></a>2. Components</h2></div></div></div><p>
235
+is called <a class="ulink" href="http://developer.mozilla.org/en/docs/XUL_Reference" target="_top">XUL</a>.</p></div></div><div class="sect1" title="2. Components"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2955313"></a>2. Components</h2></div></div></div><p>
236 236
 
237 237
 Torbutton installs components for two purposes: hooking existing components to
238 238
 reimplement their interfaces; and creating new components that provide
239 239
 services to other pieces of the extension.
240 240
 
241
-  </p><div class="sect2" title="2.1. Hooked Components"><div class="titlepage"><div><div><h3 class="title"><a id="id2680078"></a>2.1. Hooked Components</h3></div></div></div><p>Torbutton makes extensive use of Contract ID hooking, and implements some
241
+  </p><div class="sect2" title="2.1. Hooked Components"><div class="titlepage"><div><div><h3 class="title"><a id="id2972601"></a>2.1. Hooked Components</h3></div></div></div><p>Torbutton makes extensive use of Contract ID hooking, and implements some
242 242
 of its own standalone components as well.  Let's discuss the hooked components
243 243
 first.</p><div class="sect3" title="@mozilla.org/browser/sessionstore;1 - components/nsSessionStore36.js"><div class="titlepage"><div><div><h4 class="title"><a id="sessionstore"></a><a class="ulink" href="http://developer.mozilla.org/en/docs/nsISessionStore" target="_top">@mozilla.org/browser/sessionstore;1</a> -
244 244
 <a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/components/nsSessionStore36.js" target="_top">components/nsSessionStore36.js</a></h4></div></div></div><p>These components address the <a class="link" href="#disk">Disk Avoidance</a>
... ...
@@ -267,7 +267,7 @@ do not obey proxy settings, they can be manipulated to automatically connect
267 267
 back to arbitrary servers outside of Tor with no user intervention. Fixing
268 268
 this issue helps to satisfy Torbutton's <a class="link" href="#proxy">Proxy
269 269
 Obedience</a> Requirement.
270
- </p></div><div class="sect3" title="@mozilla.org/browser/sessionstartup;1 - components/crash-observer.js"><div class="titlepage"><div><div><h4 class="title"><a id="id2658953"></a><a class="ulink" href="http://lxr.mozilla.org/seamonkey/source/browser/components/sessionstore/src/nsSessionStartup.js" target="_top">@mozilla.org/browser/sessionstartup;1</a> -
270
+ </p></div><div class="sect3" title="@mozilla.org/browser/sessionstartup;1 - components/crash-observer.js"><div class="titlepage"><div><div><h4 class="title"><a id="id2951475"></a><a class="ulink" href="http://lxr.mozilla.org/seamonkey/source/browser/components/sessionstore/src/nsSessionStartup.js" target="_top">@mozilla.org/browser/sessionstartup;1</a> -
271 271
     <a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/components/crash-observer.js" target="_top">components/crash-observer.js</a></h4></div></div></div><p>This component wraps the Firefox Session Startup component that is in
272 272
 charge of <a class="ulink" href="http://developer.mozilla.org/en/docs/Session_store_API" target="_top">restoring saved
273 273
 sessions</a>. The wrapper's only job is to intercept the
... ...
@@ -281,7 +281,7 @@ includes setting the Tor state to the one the user selected for crash recovery
281 281
 in the preferences window (<span class="command"><strong>extensions.torbutton.restore_tor</strong></span>), and
282 282
 restoring cookies for the corresponding cookie jar, if it exists.</p><p>By performing this notification, this component assists in the 
283 283
 <a class="link" href="#proxy">Proxy Obedience</a>, and <a class="link" href="#isolation">Network Isolation</a> requirements.
284
-</p></div><div class="sect3" title="@mozilla.org/browser/global-history;2 - components/ignore-history.js"><div class="titlepage"><div><div><h4 class="title"><a id="id2679280"></a><a class="ulink" href="http://www.oxymoronical.com/experiments/xpcomref/applications/Firefox/3.5/components/%40mozilla.org/browser/global-history;2" target="_top">@mozilla.org/browser/global-history;2</a>
284
+</p></div><div class="sect3" title="@mozilla.org/browser/global-history;2 - components/ignore-history.js"><div class="titlepage"><div><div><h4 class="title"><a id="id2971802"></a><a class="ulink" href="http://www.oxymoronical.com/experiments/xpcomref/applications/Firefox/3.5/components/%40mozilla.org/browser/global-history;2" target="_top">@mozilla.org/browser/global-history;2</a>
285 285
 - <a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/components/ignore-history.js" target="_top">components/ignore-history.js</a></h4></div></div></div><p>This component was contributed by <a class="ulink" href="http://www.collinjackson.com/" target="_top">Collin Jackson</a> as a method for defeating
286 286
 CSS and Javascript-based methods of history disclosure. The global-history
287 287
 component is what is used by Firefox to determine if a link was visited or not
... ...
@@ -306,9 +306,9 @@ firing in the event the browser starts in Tor mode.
306 306
 This component helps satisfy the <a class="link" href="#isolation">Network
307 307
 Isolation</a> and <a class="link" href="#setpreservation">Anonymity Set
308 308
 Preservation</a> requirements.
309
-</p></div></div><div class="sect2" title="2.2. New Components"><div class="titlepage"><div><div><h3 class="title"><a id="id2682465"></a>2.2. New Components</h3></div></div></div><p>Torbutton creates four new components that are used throughout the
309
+</p></div></div><div class="sect2" title="2.2. New Components"><div class="titlepage"><div><div><h3 class="title"><a id="id2974988"></a>2.2. New Components</h3></div></div></div><p>Torbutton creates four new components that are used throughout the
310 310
 extension. These components do not hook any interfaces, nor are they used
311
-anywhere besides Torbutton itself.</p><div class="sect3" title="@torproject.org/cookie-jar-selector;2 - components/cookie-jar-selector.js"><div class="titlepage"><div><div><h4 class="title"><a id="id2658495"></a><a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/components/cookie-jar-selector.js" target="_top">@torproject.org/cookie-jar-selector;2
311
+anywhere besides Torbutton itself.</p><div class="sect3" title="@torproject.org/cookie-jar-selector;2 - components/cookie-jar-selector.js"><div class="titlepage"><div><div><h4 class="title"><a id="id2951018"></a><a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/components/cookie-jar-selector.js" target="_top">@torproject.org/cookie-jar-selector;2
312 312
 - components/cookie-jar-selector.js</a></h4></div></div></div><p>The cookie jar selector (also based on code from <a class="ulink" href="http://www.collinjackson.com/" target="_top">Collin
313 313
 Jackson</a>) is used by the Torbutton chrome to switch between
314 314
 Tor and Non-Tor cookies. Its operations are simple: sync cookies to disk, then
... ...
@@ -317,7 +317,7 @@ move the current cookies.txt file to the appropriate backup location
317 317
 into place.</p><p>
318 318
 This component helps to address the <a class="link" href="#state">State
319 319
 Isolation</a> requirement of Torbutton.
320
-</p></div><div class="sect3" title="@torproject.org/torbutton-logger;1 - components/torbutton-logger.js"><div class="titlepage"><div><div><h4 class="title"><a id="id2683046"></a><a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/components/torbutton-logger.js" target="_top">@torproject.org/torbutton-logger;1
320
+</p></div><div class="sect3" title="@torproject.org/torbutton-logger;1 - components/torbutton-logger.js"><div class="titlepage"><div><div><h4 class="title"><a id="id2975569"></a><a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/components/torbutton-logger.js" target="_top">@torproject.org/torbutton-logger;1
321 321
 - components/torbutton-logger.js</a></h4></div></div></div><p>The torbutton logger component allows on-the-fly redirection of torbutton
322 322
 logging messages to either Firefox stderr
323 323
 (<span class="command"><strong>extensions.torbutton.logmethod=0</strong></span>), the Javascript error console
... ...
@@ -369,7 +369,7 @@ reason are not passed to the Firefox content policy itself (see Firefox Bugs
369 369
 </p><p>
370 370
 
371 371
 This helps to fulfill both the <a class="link" href="#setpreservation">Anonymity Set Preservation</a> and the <a class="link" href="#undiscoverability">Tor Undiscoverability</a> requirements of
372
-Torbutton.</p></div></div></div><div class="sect1" title="3. Chrome"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2684278"></a>3. Chrome</h2></div></div></div><p>The chrome is where all the torbutton graphical elements and windows are
372
+Torbutton.</p></div></div></div><div class="sect1" title="3. Chrome"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2976801"></a>3. Chrome</h2></div></div></div><p>The chrome is where all the torbutton graphical elements and windows are
373 373
 located. Each window is described as an <a class="ulink" href="http://developer.mozilla.org/en/docs/XUL_Reference" target="_top">XML file</a>, with zero or more Javascript
374 374
 files attached. The scope of these Javascript files is their containing
375 375
 window.</p><div class="sect2" title="3.1. Browser Overlay - torbutton.xul"><div class="titlepage"><div><div><h3 class="title"><a id="browseroverlay"></a>3.1. Browser Overlay - <a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/chrome/content/torbutton.xul" target="_top">torbutton.xul</a></h3></div></div></div><p>The browser overlay, torbutton.xul, defines the toolbar button, the status
... ...
@@ -496,9 +496,9 @@ enabled. This helps Torbutton fulfill its <a class="link" href="#disk">Disk
496 496
 Avoidance</a> and <a class="link" href="#state">State Separation</a>
497 497
 requirements.
498 498
 
499
-   </p></li></ol></div></div><div class="sect2" title="3.2. Preferences Window - preferences.xul"><div class="titlepage"><div><div><h3 class="title"><a id="id2666921"></a>3.2. Preferences Window - <a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/chrome/content/preferences.xul" target="_top">preferences.xul</a></h3></div></div></div><p>The preferences window of course lays out the Torbutton preferences, with
500
-handlers located in <a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/chrome/content/preferences.js" target="_top">chrome/content/preferences.js</a>.</p></div><div class="sect2" title="3.3. Other Windows"><div class="titlepage"><div><div><h3 class="title"><a id="id2659528"></a>3.3. Other Windows</h3></div></div></div><p>There are additional windows that describe popups for right clicking on
501
-the status bar, the toolbutton, and the about page.</p></div></div><div class="sect1" title="4. Toggle Code Path"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2650612"></a>4. Toggle Code Path</h2></div></div></div><p>
499
+   </p></li></ol></div></div><div class="sect2" title="3.2. Preferences Window - preferences.xul"><div class="titlepage"><div><div><h3 class="title"><a id="id2959444"></a>3.2. Preferences Window - <a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/chrome/content/preferences.xul" target="_top">preferences.xul</a></h3></div></div></div><p>The preferences window of course lays out the Torbutton preferences, with
500
+handlers located in <a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/chrome/content/preferences.js" target="_top">chrome/content/preferences.js</a>.</p></div><div class="sect2" title="3.3. Other Windows"><div class="titlepage"><div><div><h3 class="title"><a id="id2952051"></a>3.3. Other Windows</h3></div></div></div><p>There are additional windows that describe popups for right clicking on
501
+the status bar, the toolbutton, and the about page.</p></div></div><div class="sect1" title="4. Toggle Code Path"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2943135"></a>4. Toggle Code Path</h2></div></div></div><p>
502 502
 
503 503
 The act of toggling is connected to <code class="function">torbutton_toggle()</code>
504 504
 via the <a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/chrome/content/torbutton.xul" target="_top">torbutton.xul</a>
... ...
@@ -519,7 +519,7 @@ conditions and leakage, especially with <a class="ulink" href="https://bugzilla.
519 519
 409737</a> unfixed. The content policy does not allow any network activity
520 520
 whatsoever during this three stage transition.
521 521
 
522
- </p><div class="sect2" title="4.1. Button Click"><div class="titlepage"><div><div><h3 class="title"><a id="id2681148"></a>4.1. Button Click</h3></div></div></div><p>
522
+ </p><div class="sect2" title="4.1. Button Click"><div class="titlepage"><div><div><h3 class="title"><a id="id2973670"></a>4.1. Button Click</h3></div></div></div><p>
523 523
 
524 524
 This is the first step in the toggling process. When the user clicks the
525 525
 toggle button or the toolbar, <code class="function">torbutton_toggle()</code> is
... ...
@@ -532,7 +532,7 @@ observer</a>
532 532
 <span class="command"><strong>torbutton_unique_pref_observer</strong></span> to perform the rest of the
533 533
 toggle.
534 534
 
535
-  </p></div><div class="sect2" title="4.2. Proxy Update"><div class="titlepage"><div><div><h3 class="title"><a id="id2683321"></a>4.2. Proxy Update</h3></div></div></div><p>
535
+  </p></div><div class="sect2" title="4.2. Proxy Update"><div class="titlepage"><div><div><h3 class="title"><a id="id2975844"></a>4.2. Proxy Update</h3></div></div></div><p>
536 536
 
537 537
 When Torbutton receives any proxy change notifications via its
538 538
 <span class="command"><strong>torbutton_unique_pref_observer</strong></span>, it calls
... ...
@@ -547,7 +547,7 @@ value. This is decoupled from the button click functionalty via the pref
547 547
 observer so that other addons (such as SwitchProxy) can switch the proxy
548 548
 settings between multiple proxies.
549 549
 
550
-  </p></div><div class="sect2" title="4.3. Settings Update"><div class="titlepage"><div><div><h3 class="title"><a id="id2662007"></a>4.3. Settings Update</h3></div></div></div><p>
550
+  </p></div><div class="sect2" title="4.3. Settings Update"><div class="titlepage"><div><div><h3 class="title"><a id="id2954530"></a>4.3. Settings Update</h3></div></div></div><p>
551 551
 
552 552
 The next stage is also handled by
553 553
 <code class="function">torbutton_update_status()</code>. This function sets scores of
... ...
@@ -558,10 +558,10 @@ end of its work, it sets
558 558
 <span class="command"><strong>extensions.torbutton.settings_applied</strong></span>, which signifies the
559 559
 completion of the toggle operation to the <a class="link" href="#contentpolicy" title="@torproject.org/cssblocker;1 - components/cssblocker.js">content policy</a>.
560 560
 
561
-  </p></div></div><div class="sect1" title="5. Description of Options"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2679416"></a>5. Description of Options</h2></div></div></div><p>This section provides a detailed description of Torbutton's options. Each
561
+  </p></div></div><div class="sect1" title="5. Description of Options"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id2971938"></a>5. Description of Options</h2></div></div></div><p>This section provides a detailed description of Torbutton's options. Each
562 562
 option is presented as the string from the preferences window, a summary, the
563 563
 preferences it touches, and the effect this has on the components, chrome, and
564
-browser properties.</p><div class="sect2" title="5.1. Test Settings"><div class="titlepage"><div><div><h3 class="title"><a id="id2674592"></a>5.1. Test Settings</h3></div></div></div><p>
564
+browser properties.</p><div class="sect2" title="5.1. Test Settings"><div class="titlepage"><div><div><h3 class="title"><a id="id2967115"></a>5.1. Test Settings</h3></div></div></div><p>
565 565
 This button under the Proxy Settings tab provides a way to verify that the 
566 566
 proxy settings are correct, and actually do route through the Tor network. It
567 567
 performs this check by issuing an <a class="ulink" href="http://developer.mozilla.org/en/docs/XMLHttpRequest" target="_top">XMLHTTPRequest</a>
... ...
@@ -620,7 +620,7 @@ all this and the plugin managed to find some way to load.
620 620
 Since most plugins completely ignore browser proxy settings, the actions
621 621
 performed by this setting are crucial to satisfying the <a class="link" href="#proxy">Proxy Obedience</a> requirement.
622 622
 
623
- </p></div><div class="sect2" title="5.3. Isolate Dynamic Content to Tor State (crucial)"><div class="titlepage"><div><div><h3 class="title"><a id="id2658766"></a>5.3. Isolate Dynamic Content to Tor State (crucial)</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.isolate_content</strong></span></p><p>Enabling this preference is what enables the <a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/components/cssblocker.js" target="_top">@torproject.org/cssblocker;1</a> content policy
623
+ </p></div><div class="sect2" title="5.3. Isolate Dynamic Content to Tor State (crucial)"><div class="titlepage"><div><div><h3 class="title"><a id="id2951289"></a>5.3. Isolate Dynamic Content to Tor State (crucial)</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.isolate_content</strong></span></p><p>Enabling this preference is what enables the <a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/components/cssblocker.js" target="_top">@torproject.org/cssblocker;1</a> content policy
624 624
 mentioned above, and causes it to block content load attempts in pages an
625 625
 opposite Tor state from the current state. Freshly loaded <a class="ulink" href="https://developer.mozilla.org/en/XUL/tabbrowser" target="_top">browser
626 626
 tabs</a> are tagged
... ...
@@ -672,7 +672,7 @@ We are still looking for a workaround as of Torbutton 1.2.5.
672 672
 
673 673
 
674 674
 
675
-</p></div><div class="sect2" title="5.5. Resize windows to multiples of 50px during Tor usage (recommended)"><div class="titlepage"><div><div><h3 class="title"><a id="id2668126"></a>5.5. Resize windows to multiples of 50px during Tor usage (recommended)</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.resize_windows</strong></span></p><p>
675
+</p></div><div class="sect2" title="5.5. Resize windows to multiples of 50px during Tor usage (recommended)"><div class="titlepage"><div><div><h3 class="title"><a id="id2960649"></a>5.5. Resize windows to multiples of 50px during Tor usage (recommended)</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.resize_windows</strong></span></p><p>
676 676
 
677 677
 This option drastically cuts down on the number of distinct anonymity sets
678 678
 that divide the Tor web userbase. Without this setting, the dimensions for a
... ...
@@ -707,7 +707,7 @@ infer toolbar size/presence by the distance to the nearest 50 pixel roundoff).
707 707
 
708 708
 </p><p>
709 709
 This setting helps to meet the <a class="link" href="#setpreservation">Anonymity Set Preservation</a> requirements.
710
-</p></div><div class="sect2" title="5.6. Disable Updates During Tor"><div class="titlepage"><div><div><h3 class="title"><a id="id2660426"></a>5.6. Disable Updates During Tor</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.no_updates</strong></span></p><p>This setting causes Torbutton to disable the four <a class="ulink" href="http://wiki.mozilla.org/Update:Users/Checking_For_Updates#Preference_Controls_and_State" target="_top">Firefox
710
+</p></div><div class="sect2" title="5.6. Disable Updates During Tor"><div class="titlepage"><div><div><h3 class="title"><a id="id2952949"></a>5.6. Disable Updates During Tor</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.no_updates</strong></span></p><p>This setting causes Torbutton to disable the four <a class="ulink" href="http://wiki.mozilla.org/Update:Users/Checking_For_Updates#Preference_Controls_and_State" target="_top">Firefox
711 711
 update settings</a> during Tor
712 712
   usage: <span class="command"><strong>extensions.update.enabled</strong></span>,
713 713
 <span class="command"><strong>app.update.enabled</strong></span>,
... ...
@@ -717,7 +717,7 @@ update settings</a> during Tor
717 717
   checking for search plugin updates while Tor is enabled.
718 718
   </p><p>
719 719
 This setting satisfies the <a class="link" href="#updates">Update Safety</a> requirement.
720
-</p></div><div class="sect2" title="5.7. Redirect Torbutton Updates Via Tor (recommended)"><div class="titlepage"><div><div><h3 class="title"><a id="id2644084"></a>5.7. Redirect Torbutton Updates Via Tor (recommended)</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.update_torbutton_via_tor</strong></span></p><p>This setting causes Torbutton to install an
720
+</p></div><div class="sect2" title="5.7. Redirect Torbutton Updates Via Tor (recommended)"><div class="titlepage"><div><div><h3 class="title"><a id="id2936606"></a>5.7. Redirect Torbutton Updates Via Tor (recommended)</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.update_torbutton_via_tor</strong></span></p><p>This setting causes Torbutton to install an
721 721
 
722 722
 <a class="ulink" href="https://developer.mozilla.org/en/nsIProtocolProxyFilter" target="_top">nsIProtocolProxyFilter</a>
723 723
 in order to redirect all version update checks and Torbutton update downloads
... ...
@@ -726,7 +726,7 @@ concerns about data retention done by <a class="ulink" href="https://www.addons.
726 726
 help censored users meet the <a class="link" href="#undiscoverability">Tor
727 727
 Undiscoverability</a> requirement.
728 728
 
729
-  </p></div><div class="sect2" title="5.8. Disable Search Suggestions during Tor (recommended)"><div class="titlepage"><div><div><h3 class="title"><a id="id2644128"></a>5.8. Disable Search Suggestions during Tor (recommended)</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.no_search</strong></span></p><p>
729
+  </p></div><div class="sect2" title="5.8. Disable Search Suggestions during Tor (recommended)"><div class="titlepage"><div><div><h3 class="title"><a id="id2936650"></a>5.8. Disable Search Suggestions during Tor (recommended)</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.no_search</strong></span></p><p>
730 730
 This setting causes Torbutton to disable <a class="ulink" href="http://kb.mozillazine.org/Browser.search.suggest.enabled" target="_top"><span class="command"><strong>browser.search.suggest.enabled</strong></span></a>
731 731
 during Tor usage.
732 732
 This governs if you get Google search suggestions during Tor
... ...
@@ -737,7 +737,7 @@ this is recommended to be disabled.
737 737
 While this setting doesn't satisfy any Torbutton requirements, the fact that
738 738
 cookies are transmitted for partially typed queries does not seem desirable
739 739
 for Tor usage.
740
-</p></div><div class="sect2" title="5.9. Disable livemarks updates during Tor usage (recommended)"><div class="titlepage"><div><div><h3 class="title"><a id="id2644167"></a>5.9. Disable livemarks updates during Tor usage (recommended)</h3></div></div></div><p>Option:
740
+</p></div><div class="sect2" title="5.9. Disable livemarks updates during Tor usage (recommended)"><div class="titlepage"><div><div><h3 class="title"><a id="id2936689"></a>5.9. Disable livemarks updates during Tor usage (recommended)</h3></div></div></div><p>Option:
741 741
    </p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.disable_livemarks</strong></span></td></tr></table><p>
742 742
   </p><p>
743 743
 This option causes Torbutton to prevent Firefox from loading <a class="ulink" href="http://www.mozilla.com/firefox/livebookmarks.html" target="_top">Livemarks</a> during
... ...
@@ -751,7 +751,7 @@ service</a> when Tor is enabled.
751 751
 This helps satisfy the <a class="link" href="#isolation">Network
752 752
 Isolation</a> and <a class="link" href="#setpreservation">Anonymity Set
753 753
 Preservation</a> requirements.
754
-</p></div><div class="sect2" title="5.10. Block Tor/Non-Tor access to network from file:// urls (recommended)"><div class="titlepage"><div><div><h3 class="title"><a id="id2644238"></a>5.10. Block Tor/Non-Tor access to network from file:// urls (recommended)</h3></div></div></div><p>Options:
754
+</p></div><div class="sect2" title="5.10. Block Tor/Non-Tor access to network from file:// urls (recommended)"><div class="titlepage"><div><div><h3 class="title"><a id="id2936761"></a>5.10. Block Tor/Non-Tor access to network from file:// urls (recommended)</h3></div></div></div><p>Options:
755 755
    </p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.block_tor_file_net</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.block_nontor_file_net</strong></span></td></tr></table><p>
756 756
   </p><p>
757 757
 
... ...
@@ -771,7 +771,7 @@ Isolation</a> requirement, by preventing file urls from executing network
771 771
 operations in opposite Tor states. Also, allowing pages to submit arbitrary
772 772
 files to arbitrary sites just generally seems like a bad idea.
773 773
 
774
-</p></div><div class="sect2" title="5.11. Close all Tor/Non-Tor tabs and windows on toggle (optional)"><div class="titlepage"><div><div><h3 class="title"><a id="id2644310"></a>5.11. Close all Tor/Non-Tor tabs and windows on toggle (optional)</h3></div></div></div><p>Options:
774
+</p></div><div class="sect2" title="5.11. Close all Tor/Non-Tor tabs and windows on toggle (optional)"><div class="titlepage"><div><div><h3 class="title"><a id="id2936833"></a>5.11. Close all Tor/Non-Tor tabs and windows on toggle (optional)</h3></div></div></div><p>Options:
775 775
    </p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.close_nontor</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.close_tor</strong></span></td></tr></table><p>
776 776
   </p><p>
777 777
 
... ...
@@ -795,7 +795,7 @@ out longer than necessary.
795 795
 While this setting doesn't satisfy any Torbutton requirements, the fact that
796 796
 cookies are transmitted for partially typed queries does not seem desirable
797 797
 for Tor usage.
798
-</p></div><div class="sect2" title="5.12. Isolate Access to History navigation to Tor state (crucial)"><div class="titlepage"><div><div><h3 class="title"><a id="id2644391"></a>5.12. Isolate Access to History navigation to Tor state (crucial)</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.block_js_history</strong></span></p><p>
798
+</p></div><div class="sect2" title="5.12. Isolate Access to History navigation to Tor state (crucial)"><div class="titlepage"><div><div><h3 class="title"><a id="id2936914"></a>5.12. Isolate Access to History navigation to Tor state (crucial)</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.block_js_history</strong></span></p><p>
799 799
 This setting determines if Torbutton installs an <a class="ulink" href="http://www.oxymoronical.com/experiments/apidocs/interface/nsISHistoryListener" target="_top">nsISHistoryListener</a>
800 800
 attached to the <a class="ulink" href="http://www.oxymoronical.com/experiments/apidocs/interface/nsISHistory" target="_top">sessionHistory</a> of 
801 801
 of each browser's <a class="ulink" href="https://developer.mozilla.org/en/XUL%3aProperty%3awebNavigation" target="_top">webNavigatator</a>.
... ...
@@ -823,7 +823,7 @@ This setting helps to fulfill Torbutton's <a class="link" href="#state">State
823 823
 Separation</a> and (until Bug 409737 is fixed) <a class="link" href="#isolation">Network Isolation</a>
824 824
 requirements.
825 825
 
826
-   </p></div><div class="sect2" title="5.13. History Access Settings"><div class="titlepage"><div><div><h3 class="title"><a id="id2644476"></a>5.13. History Access Settings</h3></div></div></div><p>Options:
826
+   </p></div><div class="sect2" title="5.13. History Access Settings"><div class="titlepage"><div><div><h3 class="title"><a id="id2936998"></a>5.13. History Access Settings</h3></div></div></div><p>Options:
827 827
   </p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.block_thread</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.block_nthread</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.block_thwrite</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.block_nthwrite</strong></span></td></tr></table><p>
828 828
   </p><p>These four settings govern the behavior of the <a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/components/ignore-history.js" target="_top">components/ignore-history.js</a>
829 829
 history blocker component mentioned above. By hooking the browser's view of
... ...
@@ -838,12 +838,12 @@ Database</a> and the older Firefox 2 mechanisms.
838 838
 
839 839
 </p><p>
840 840
 This setting helps to satisfy the <a class="link" href="#state">State Separation</a> and <a class="link" href="#disk">Disk Avoidance</a> requirements.
841
-</p></div><div class="sect2" title="5.14. Clear History During Tor Toggle (optional)"><div class="titlepage"><div><div><h3 class="title"><a id="id2644588"></a>5.14. Clear History During Tor Toggle (optional)</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.clear_history</strong></span></p><p>This setting governs if Torbutton calls
841
+</p></div><div class="sect2" title="5.14. Clear History During Tor Toggle (optional)"><div class="titlepage"><div><div><h3 class="title"><a id="id2937111"></a>5.14. Clear History During Tor Toggle (optional)</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.clear_history</strong></span></p><p>This setting governs if Torbutton calls
842 842
 <a class="ulink" href="https://developer.mozilla.org/en/nsIBrowserHistory#removeAllPages.28.29" target="_top">nsIBrowserHistory.removeAllPages</a>
843 843
 and <a class="ulink" href="http://www.oxymoronical.com/experiments/apidocs/interface/nsISHistory" target="_top">nsISHistory.PurgeHistory</a>
844 844
 for each tab on Tor toggle.</p><p>
845 845
 This setting is an optional way to help satisfy the <a class="link" href="#state">State Separation</a> requirement.
846
-</p></div><div class="sect2" title="5.15. Block Password+Form saving during Tor/Non-Tor"><div class="titlepage"><div><div><h3 class="title"><a id="id2686134"></a>5.15. Block Password+Form saving during Tor/Non-Tor</h3></div></div></div><p>Options:
846
+</p></div><div class="sect2" title="5.15. Block Password+Form saving during Tor/Non-Tor"><div class="titlepage"><div><div><h3 class="title"><a id="id2978657"></a>5.15. Block Password+Form saving during Tor/Non-Tor</h3></div></div></div><p>Options:
847 847
   </p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.block_tforms</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.block_ntforms</strong></span></td></tr></table><p>
848 848
   </p><p>These settings govern if Torbutton disables
849 849
 <span class="command"><strong>browser.formfill.enable</strong></span>
... ...
@@ -852,19 +852,19 @@ Since form fields can be read at any time by Javascript, this setting is a lot
852 852
 more important than it seems.
853 853
 </p><p>
854 854
 This setting helps to satisfy the <a class="link" href="#state">State Separation</a> and <a class="link" href="#disk">Disk Avoidance</a> requirements.
855
-</p></div><div class="sect2" title="5.16. Block Tor disk cache and clear all cache on Tor Toggle"><div class="titlepage"><div><div><h3 class="title"><a id="id2686195"></a>5.16. Block Tor disk cache and clear all cache on Tor Toggle</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.clear_cache</strong></span>
855
+</p></div><div class="sect2" title="5.16. Block Tor disk cache and clear all cache on Tor Toggle"><div class="titlepage"><div><div><h3 class="title"><a id="id2978718"></a>5.16. Block Tor disk cache and clear all cache on Tor Toggle</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.clear_cache</strong></span>
856 856
   </p><p>This option causes Torbutton to call <a class="ulink" href="https://developer.mozilla.org/en/nsICacheService#evictEntries.28.29" target="_top">nsICacheService.evictEntries(0)</a>
857 857
 on Tor toggle to remove all entries from the cache. In addition, this setting
858 858
 causes Torbutton to set <a class="ulink" href="http://kb.mozillazine.org/Browser.cache.disk.enable" target="_top">browser.cache.disk.enable</a> to false.
859 859
 </p><p>
860 860
 This setting helps to satisfy the <a class="link" href="#state">State Separation</a> and <a class="link" href="#disk">Disk Avoidance</a> requirements.
861
-</p></div><div class="sect2" title="5.17. Block disk and memory cache during Tor"><div class="titlepage"><div><div><h3 class="title"><a id="id2686245"></a>5.17. Block disk and memory cache during Tor</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.block_cache</strong></span></p><p>This setting
861
+</p></div><div class="sect2" title="5.17. Block disk and memory cache during Tor"><div class="titlepage"><div><div><h3 class="title"><a id="id2978768"></a>5.17. Block disk and memory cache during Tor</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.block_cache</strong></span></p><p>This setting
862 862
 causes Torbutton to set <a class="ulink" href="http://kb.mozillazine.org/Browser.cache.memory.enable" target="_top">browser.cache.memory.enable</a>,
863 863
 <a class="ulink" href="http://kb.mozillazine.org/Browser.cache.disk.enable" target="_top">browser.cache.disk.enable</a> and
864 864
 <a class="ulink" href="http://kb.mozillazine.org/Network.http.use-cache" target="_top">network.http.use-cache</a> to false during tor usage.
865 865
 </p><p>
866 866
 This setting helps to satisfy the <a class="link" href="#state">State Separation</a> and <a class="link" href="#disk">Disk Avoidance</a> requirements.
867
-</p></div><div class="sect2" title="5.18. Clear Cookies on Tor Toggle"><div class="titlepage"><div><div><h3 class="title"><a id="id2686298"></a>5.18. Clear Cookies on Tor Toggle</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.clear_cookies</strong></span>
867
+</p></div><div class="sect2" title="5.18. Clear Cookies on Tor Toggle"><div class="titlepage"><div><div><h3 class="title"><a id="id2978820"></a>5.18. Clear Cookies on Tor Toggle</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.clear_cookies</strong></span>
868 868
   </p><p>
869 869
 
870 870
 This setting causes Torbutton to call <a class="ulink" href="https://developer.mozilla.org/en/nsICookieManager#removeAll.28.29" target="_top">nsICookieManager.removeAll()</a> on
... ...
@@ -874,7 +874,7 @@ which prevents them from being written to disk.
874 874
 
875 875
 </p><p>
876 876
 This setting helps to satisfy the <a class="link" href="#state">State Separation</a> and <a class="link" href="#disk">Disk Avoidance</a> requirements.
877
-</p></div><div class="sect2" title="5.19. Store Non-Tor cookies in a protected jar"><div class="titlepage"><div><div><h3 class="title"><a id="id2686349"></a>5.19. Store Non-Tor cookies in a protected jar</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.cookie_jars</strong></span>
877
+</p></div><div class="sect2" title="5.19. Store Non-Tor cookies in a protected jar"><div class="titlepage"><div><div><h3 class="title"><a id="id2978871"></a>5.19. Store Non-Tor cookies in a protected jar</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.cookie_jars</strong></span>
878 878
   </p><p>
879 879
 
880 880
 This setting causes Torbutton to use <a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/components/cookie-jar-selector.js" target="_top">@torproject.org/cookie-jar-selector;2</a> to store
... ...
@@ -887,15 +887,15 @@ which prevents them from being written to disk.
887 887
 
888 888
 </p><p>
889 889
 This setting helps to satisfy the <a class="link" href="#state">State Separation</a> and <a class="link" href="#disk">Disk Avoidance</a> requirements.
890
-</p></div><div class="sect2" title="5.20. Store both Non-Tor and Tor cookies in a protected jar (dangerous)"><div class="titlepage"><div><div><h3 class="title"><a id="id2686405"></a>5.20. Store both Non-Tor and Tor cookies in a protected jar (dangerous)</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.dual_cookie_jars</strong></span>
890
+</p></div><div class="sect2" title="5.20. Store both Non-Tor and Tor cookies in a protected jar (dangerous)"><div class="titlepage"><div><div><h3 class="title"><a id="id2978928"></a>5.20. Store both Non-Tor and Tor cookies in a protected jar (dangerous)</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.dual_cookie_jars</strong></span>
891 891
   </p><p>
892 892
 
893 893
 This setting causes Torbutton to use <a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/components/cookie-jar-selector.js" target="_top">@torproject.org/cookie-jar-selector;2</a> to store
894 894
 both Tor and Non-Tor cookies into protected jars.
895 895
 </p><p>
896 896
 This setting helps to satisfy the <a class="link" href="#state">State Separation</a> requirement.
897
-</p></div><div class="sect2" title="5.21. Manage My Own Cookies (dangerous)"><div class="titlepage"><div><div><h3 class="title"><a id="id2686444"></a>5.21. Manage My Own Cookies (dangerous)</h3></div></div></div><p>Options: None</p><p>This setting disables all Torbutton cookie handling by setting the above
898
-cookie prefs all to false.</p></div><div class="sect2" title="5.22. Disable DOM Storage during Tor usage (crucial)"><div class="titlepage"><div><div><h3 class="title"><a id="id2686459"></a>5.22. Disable DOM Storage during Tor usage (crucial)</h3></div></div></div><div class="sect2" title="5.22.1. Do not write Tor/Non-Tor cookies to disk"><div class="titlepage"><div><div><h3 class="title"><a id="id2686461"></a>5.22.1. Do not write Tor/Non-Tor cookies to disk</h3></div></div></div><p>Options:
897
+</p></div><div class="sect2" title="5.21. Manage My Own Cookies (dangerous)"><div class="titlepage"><div><div><h3 class="title"><a id="id2978967"></a>5.21. Manage My Own Cookies (dangerous)</h3></div></div></div><p>Options: None</p><p>This setting disables all Torbutton cookie handling by setting the above
898
+cookie prefs all to false.</p></div><div class="sect2" title="5.22. Disable DOM Storage during Tor usage (crucial)"><div class="titlepage"><div><div><h3 class="title"><a id="id2978982"></a>5.22. Disable DOM Storage during Tor usage (crucial)</h3></div></div></div><div class="sect2" title="5.22.1. Do not write Tor/Non-Tor cookies to disk"><div class="titlepage"><div><div><h3 class="title"><a id="id2978984"></a>5.22.1. Do not write Tor/Non-Tor cookies to disk</h3></div></div></div><p>Options:
899 899
   </p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.tor_memory_jar</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.nontor_memory_jar</strong></span></td></tr></table><p>
900 900
   </p><p>
901 901
 These settings (contributed by arno) cause Torbutton to set <a class="ulink" href="http://kb.mozillazine.org/Network.cookie.lifetimePolicy" target="_top">network.cookie.lifetimePolicy</a>
... ...
@@ -915,13 +915,13 @@ usage to prevent
915 915
 <a class="ulink" href="http://developer.mozilla.org/en/docs/DOM:Storage" target="_top">DOM Storage</a> from
916 916
   being used to store persistent information across Tor states.</p><p>
917 917
 This setting helps to satisfy the <a class="link" href="#state">State Separation</a> requirement.
918
-</p></div><div class="sect2" title="5.23. Clear HTTP Auth on Tor Toggle (recommended)"><div class="titlepage"><div><div><h3 class="title"><a id="id2686563"></a>5.23. Clear HTTP Auth on Tor Toggle (recommended)</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.clear_http_auth</strong></span>
918
+</p></div><div class="sect2" title="5.23. Clear HTTP Auth on Tor Toggle (recommended)"><div class="titlepage"><div><div><h3 class="title"><a id="id2979086"></a>5.23. Clear HTTP Auth on Tor Toggle (recommended)</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.clear_http_auth</strong></span>
919 919
   </p><p>
920 920
 This setting causes Torbutton to call <a class="ulink" href="http://www.oxymoronical.com/experiments/apidocs/interface/nsIHttpAuthManager" target="_top">nsIHttpAuthManager.clearAll()</a>
921 921
 every time Tor is toggled.
922 922
 </p><p>
923 923
 This setting helps to satisfy the <a class="link" href="#state">State Separation</a> requirement.
924
-</p></div><div class="sect2" title="5.24. Clear cookies on Tor/Non-Tor shutdown"><div class="titlepage"><div><div><h3 class="title"><a id="id2686600"></a>5.24. Clear cookies on Tor/Non-Tor shutdown</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.shutdown_method</strong></span>
924
+</p></div><div class="sect2" title="5.24. Clear cookies on Tor/Non-Tor shutdown"><div class="titlepage"><div><div><h3 class="title"><a id="id2979123"></a>5.24. Clear cookies on Tor/Non-Tor shutdown</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.shutdown_method</strong></span>
925 925
   </p><p> This option variable can actually take 3 values: 0, 1, and 2. 0 means no
926 926
 cookie clearing, 1 means clear only during Tor-enabled shutdown, and 2 means
927 927
 clear for both Tor and Non-Tor shutdown. When set to 1 or 2, Torbutton listens
... ...
@@ -929,7 +929,7 @@ for the <a class="ulink" href="http://developer.mozilla.org/en/docs/Observer_Not
929 929
 <code class="function">https://git.torproject.org/checkout/torbutton/master/src/components/crash-observer.js</code> and use <a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/components/cookie-jar-selector.js" target="_top">@torproject.org/cookie-jar-selector;2</a>
930 930
 to clear out all cookies and all cookie jars upon shutdown.  </p><p>
931 931
 This setting helps to satisfy the <a class="link" href="#state">State Separation</a> requirement.
932
-</p></div><div class="sect2" title="5.25. Reload cookie jar/clear cookies on Firefox crash"><div class="titlepage"><div><div><h3 class="title"><a id="id2686655"></a>5.25. Reload cookie jar/clear cookies on Firefox crash</h3></div></div></div><p>Options:
932
+</p></div><div class="sect2" title="5.25. Reload cookie jar/clear cookies on Firefox crash"><div class="titlepage"><div><div><h3 class="title"><a id="id2979178"></a>5.25. Reload cookie jar/clear cookies on Firefox crash</h3></div></div></div><p>Options:
933 933
   </p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.reload_crashed_jar</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.crashed</strong></span></td></tr></table><p>
934 934
   </p><p>This is no longer a user visible option, and is enabled by default. In
935 935
 the event of a crash, the Torbutton <a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/components/crash-observer.js" target="_top">components/crash-observer.js</a> 
... ...
@@ -941,7 +941,7 @@ the chrome that listens for this update), and Torbutton will load the
941 941
   component.</p><p>
942 942
 This setting helps to satisfy the <a class="link" href="#state">State Separation</a> requirement in the event of Firefox
943 943
 crashes.
944
-</p></div><div class="sect2" title="5.26. On crash recovery or session restored startup, restore via: Tor, Non-Tor"><div class="titlepage"><div><div><h3 class="title"><a id="id2686731"></a>5.26. On crash recovery or session restored startup, restore via: Tor, Non-Tor</h3></div></div></div><p>Options:
944
+</p></div><div class="sect2" title="5.26. On crash recovery or session restored startup, restore via: Tor, Non-Tor"><div class="titlepage"><div><div><h3 class="title"><a id="id2979253"></a>5.26. On crash recovery or session restored startup, restore via: Tor, Non-Tor</h3></div></div></div><p>Options:
945 945
   </p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.restore_tor</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.crashed</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.normal_exit</strong></span></td></tr></table><p>
946 946
   </p><p>This option works with the Torbutton <a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/components/crash-observer.js" target="_top">crash-observer.js</a> 
947 947
   to set the Tor state after a crash is detected (via the 
... ...
@@ -957,7 +957,7 @@ setting helps to satisfy the <a class="link" href="#state">State Separation</a>
957 957
 requirement in the event of Firefox crashes by ensuring all cookies,
958 958
 settings and saved sessions are reloaded from a fixed Tor state.
959 959
  
960
-</p></div><div class="sect2" title="5.27. On normal startup, set state to: Tor, Non-Tor, Shutdown State"><div class="titlepage"><div><div><h3 class="title"><a id="id2686802"></a>5.27. On normal startup, set state to: Tor, Non-Tor, Shutdown State</h3></div></div></div><p>Options:
960
+</p></div><div class="sect2" title="5.27. On normal startup, set state to: Tor, Non-Tor, Shutdown State"><div class="titlepage"><div><div><h3 class="title"><a id="id2979325"></a>5.27. On normal startup, set state to: Tor, Non-Tor, Shutdown State</h3></div></div></div><p>Options:
961 961
   </p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.startup_state</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.noncrashed</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.normal_exit</strong></span></td></tr></table><p>
962 962
   </p><p>This option also works with the Torbutton <a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/components/crash-observer.js" target="_top">crash-observer.js</a> 
963 963
   to set the Tor state after a normal startup is detected (via the 
... ...
@@ -967,7 +967,7 @@ false positives
967 967
 extensions.torbutton.normal_exit in torbutton_uninstall_observer() during
968 968
 Firefox exit and checks this value as well during startup.
969 969
   
970
-</p></div><div class="sect2" title="5.28. Prevent session store from saving Non-Tor/Tor-loaded tabs"><div class="titlepage"><div><div><h3 class="title"><a id="id2686861"></a>5.28. Prevent session store from saving Non-Tor/Tor-loaded tabs</h3></div></div></div><p>Options: 
970
+</p></div><div class="sect2" title="5.28. Prevent session store from saving Non-Tor/Tor-loaded tabs"><div class="titlepage"><div><div><h3 class="title"><a id="id2979384"></a>5.28. Prevent session store from saving Non-Tor/Tor-loaded tabs</h3></div></div></div><p>Options: 
971 971
   </p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.nonontor_sessionstore</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.notor_sessionstore</strong></span></td></tr></table><p>
972 972
   </p><p>If these options are enabled, the <a class="ulink" href="https://git.torproject.org/checkout/torbutton/master/src/components/nsSessionStore3.js" target="_top">replacement nsSessionStore.js</a>
973 973
   component checks the <span class="command"><strong>__tb_tor_fetched</strong></span> tag of tabs before writing them
... ...
@@ -977,7 +977,7 @@ This setting helps to satisfy the <a class="link" href="#disk">Disk Avoidance</a
977 977
 requirement, and also helps to satisfy the <a class="link" href="#state">State Separation</a> requirement in the event of Firefox
978 978
 crashes.
979 979
 
980
-</p></div><div class="sect2" title="5.29. Set user agent during Tor usage (crucial)"><div class="titlepage"><div><div><h3 class="title"><a id="id2686926"></a>5.29. Set user agent during Tor usage (crucial)</h3></div></div></div><p>Options:
980
+</p></div><div class="sect2" title="5.29. Set user agent during Tor usage (crucial)"><div class="titlepage"><div><div><h3 class="title"><a id="id2979449"></a>5.29. Set user agent during Tor usage (crucial)</h3></div></div></div><p>Options:
981 981
    </p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.set_uagent</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.platform_override</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.oscpu_override</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.buildID_override</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.productsub_override</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.appname_override</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.appversion_override</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.useragent_override</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.useragent_vendor</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.useragent_vendorSub</strong></span></td></tr></table><p>
982 982
    </p><p>On face, user agent switching appears to be straight-forward in Firefox.
983 983
 It provides several options for controlling the browser user agent string:
... ...
@@ -1001,7 +1001,7 @@ certain resource:// files</a>. These cases are handled by Torbutton's
1001 1001
 
1002 1002
 </p><p>
1003 1003
 This setting helps to satisfy the <a class="link" href="#setpreservation">Anonymity Set Preservation</a> requirement.
1004
-</p></div><div class="sect2" title="5.30. Spoof US English Browser"><div class="titlepage"><div><div><h3 class="title"><a id="id2687100"></a>5.30. Spoof US English Browser</h3></div></div></div><p>Options:
1004
+</p></div><div class="sect2" title="5.30. Spoof US English Browser"><div class="titlepage"><div><div><h3 class="title"><a id="id2979623"></a>5.30. Spoof US English Browser</h3></div></div></div><p>Options:
1005 1005
 </p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.spoof_english</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.spoof_charset</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.spoof_language</strong></span></td></tr></table><p>
1006 1006
 </p><p> This option causes Torbutton to set
1007 1007
 <span class="command"><strong>general.useragent.locale</strong></span>
... ...
@@ -1012,13 +1012,13 @@ This setting helps to satisfy the <a class="link" href="#setpreservation">Anonym
1012 1012
 well as hooking <span class="command"><strong>navigator.language</strong></span> via its <a class="link" href="#jshooks" title="5.4. Hook Dangerous Javascript">javascript hooks</a>.
1013 1013
  </p><p>
1014 1014
 This setting helps to satisfy the <a class="link" href="#setpreservation">Anonymity Set Preservation</a> and <a class="link" href="#location">Location Neutrality</a> requirements.
1015
-</p></div><div class="sect2" title="5.31. Don't send referrer during Tor Usage"><div class="titlepage"><div><div><h3 class="title"><a id="id2687193"></a>5.31. Don't send referrer during Tor Usage</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.disable_referer</strong></span>
1015
+</p></div><div class="sect2" title="5.31. Don't send referrer during Tor Usage"><div class="titlepage"><div><div><h3 class="title"><a id="id2979716"></a>5.31. Don't send referrer during Tor Usage</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.disable_referer</strong></span>
1016 1016
 </p><p> 
1017 1017
 This option causes Torbutton to set <a class="ulink" href="http://kb.mozillazine.org/Network.http.sendSecureXSiteReferrer" target="_top">network.http.sendSecureXSiteReferrer</a> and
1018 1018
 <a class="ulink" href="http://kb.mozillazine.org/Network.http.sendRefererHeader" target="_top">network.http.sendRefererHeader</a> during Tor usage.</p><p>
1019 1019
 This setting also does not directly satisfy any Torbutton requirement, but
1020 1020
 some may desire to mask their referrer for general privacy concerns.
1021
-</p></div><div class="sect2" title="5.32. Strip platform and language off of Google Search Box queries"><div class="titlepage"><div><div><h3 class="title"><a id="id2687234"></a>5.32. Strip platform and language off of Google Search Box queries</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.fix_google_srch</strong></span>
1021
+</p></div><div class="sect2" title="5.32. Strip platform and language off of Google Search Box queries"><div class="titlepage"><div><div><h3 class="title"><a id="id2979756"></a>5.32. Strip platform and language off of Google Search Box queries</h3></div></div></div><p>Option: <span class="command"><strong>extensions.torbutton.fix_google_srch</strong></span>
1022 1022
 </p><p> 
1023 1023
 
1024 1024
 This option causes Torbutton to use the <a class="ulink" href="https://wiki.mozilla.org/Search_Service:API" target="_top">@mozilla.org/browser/search-service;1</a>
... ...
@@ -1028,7 +1028,7 @@ platform information. This setting strips off that info while Tor is enabled.
1028 1028
 
1029 1029
 </p><p>
1030 1030
 This setting helps Torbutton to fulfill its <a class="link" href="#setpreservation">Anonymity Set Preservation</a> requirement.
1031
-</p></div><div class="sect2" title="5.33. Automatically use an alternate search engine when presented with a Google Captcha"><div class="titlepage"><div><div><h3 class="title"><a id="id2687274"></a>5.33. Automatically use an alternate search engine when presented with a
1031
+</p></div><div class="sect2" title="5.33. Automatically use an alternate search engine when presented with a Google Captcha"><div class="titlepage"><div><div><h3 class="title"><a id="id2979797"></a>5.33. Automatically use an alternate search engine when presented with a
1032 1032
 Google Captcha</h3></div></div></div><p>Options:
1033 1033
 </p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.asked_google_captcha</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.dodge_google_captcha</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.google_redir_url</strong></span></td></tr></table><p>
1034 1034
 </p><p>
... ...
@@ -1053,7 +1053,7 @@ options are duckduckgo.com, ixquick.com, bing.com, yahoo.com and scroogle.org. T
1053 1053
 encoded in the preferences
1054 1054
 <span class="command"><strong>extensions.torbutton.redir_url.[1-5]</strong></span>.
1055 1055
 
1056
-</p></div><div class="sect2" title="5.34. Store SSL/CA Certs in separate jars for Tor/Non-Tor (recommended)"><div class="titlepage"><div><div><h3 class="title"><a id="id2687355"></a>5.34. Store SSL/CA Certs in separate jars for Tor/Non-Tor (recommended)</h3></div></div></div><p>Options:
1056
+</p></div><div class="sect2" title="5.34. Store SSL/CA Certs in separate jars for Tor/Non-Tor (recommended)"><div class="titlepage"><div><div><h3 class="title"><a id="id2979878"></a>5.34. Store SSL/CA Certs in separate jars for Tor/Non-Tor (recommended)</h3></div></div></div><p>Options:
1057 1057
 </p><table border="0" summary="Simple list" class="simplelist"><tr><td><span class="command"><strong>extensions.torbutton.jar_certs</strong></span></td></tr><tr><td><span class="command"><strong>extensions.torbutton.jar_ca_certs</strong></span></td></tr></table><p>
1058 1058
 </p><p>
1059 1059
 
... ...
@@ -1132,6 +1132,23 @@ this functionality is considered a Torbutton security bug because cert
1132 1132
 isolation is considered a <a class="link" href="#state">State Separation</a>
1133 1133
 feature.
1134 1134
 
1135
+      </p></li><li class="listitem">Give more visibility into and control over TLS
1136
+negotiation
1137
+     <p>
1138
+
1139
+There are several <a class="ulink" href="https://trac.torproject.org/projects/tor/ticket/2482" target="_top">TLS issues
1140
+impacting Torbutton security</a>. It is not clear if these should be one
1141
+Firefox bug or several, but in particular we need better control over various
1142
+aspects of TLS connections. Firefox currently provides no observer capable of
1143
+extracting TLS parameters or certificates early enough to cancel a TLS
1144
+request. We would like to be able to provide <a class="ulink" href="https://www.eff.org/https-everywhere" target="_top">HTTPS-Everywhere</a> users with
1145
+the ability to <a class="ulink" href="https://trac.torproject.org/projects/tor/wiki/HTTPSEverywhere/SSLObservatorySubmission" target="_top">have
1146
+their certificates audited</a> by a <a class="ulink" href="http://www.networknotary.org/" target="_top">Perspectives</a>-style set of
1147
+notaries. The problem with this is that the API observer points do not exist
1148
+for any Firefox addon to actually block authentication token submission over a
1149
+TLS channel, so every addon to date (including Perspectives) is actually
1150
+providing users with notification *after* their authentication tokens have
1151
+already been compromised. This obviously needs to be fixed.
1135 1152
      </p></li><li class="listitem"><a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=575230" target="_top">Bug 575230 - Provide option to
1136 1153
 reduce precision of Date()</a><p>
1137 1154
 
... ...
@@ -1404,13 +1421,13 @@ or complete, but it is automated and could be turned into something useful
1404 1421
 with a bit of work.
1405 1422
 
1406 1423
        </p></li></ol></div><p>
1407
-    </p></div><div class="sect2" title="7.2. Multi-state testing"><div class="titlepage"><div><div><h3 class="title"><a id="id2688437"></a>7.2. Multi-state testing</h3></div></div></div><p>
1424
+    </p></div><div class="sect2" title="7.2. Multi-state testing"><div class="titlepage"><div><div><h3 class="title"><a id="id2980994"></a>7.2. Multi-state testing</h3></div></div></div><p>
1408 1425
 
1409 1426
 The tests in this section are geared towards a page that would instruct the
1410 1427
 user to toggle their Tor state after the fetch and perform some operations:
1411 1428
 mouseovers, stray clicks, and potentially reloads.
1412 1429
 
1413
-   </p><div class="sect3" title="Cookies and Cache Correlation"><div class="titlepage"><div><div><h4 class="title"><a id="id2688449"></a>Cookies and Cache Correlation</h4></div></div></div><p>
1430
+   </p><div class="sect3" title="Cookies and Cache Correlation"><div class="titlepage"><div><div><h4 class="title"><a id="id2981006"></a>Cookies and Cache Correlation</h4></div></div></div><p>
1414 1431
 The most obvious test is to set a cookie, ask the user to toggle tor, and then
1415 1432
 have them reload the page. The cookie should no longer be set if they are
1416 1433
 using the default Torbutton settings. In addition, it is possible to leverage
... ...
@@ -1418,11 +1435,11 @@ the cache to <a class="ulink" href="http://crypto.stanford.edu/sameorigin/safeca
1418 1435
 identifiers</a>. The default settings of Torbutton should also protect
1419 1436
 against these from persisting across Tor Toggle.
1420 1437
 
1421
-    </p></div><div class="sect3" title="Javascript timers and event handlers"><div class="titlepage"><div><div><h4 class="title"><a id="id2688472"></a>Javascript timers and event handlers</h4></div></div></div><p>
1438
+    </p></div><div class="sect3" title="Javascript timers and event handlers"><div class="titlepage"><div><div><h4 class="title"><a id="id2981029"></a>Javascript timers and event handlers</h4></div></div></div><p>
1422 1439
 
1423 1440
 Javascript can set timers and register event handlers in the hopes of fetching
1424 1441
 URLs after the user has toggled Torbutton. 
1425
-    </p></div><div class="sect3" title="CSS Popups and non-script Dynamic Content"><div class="titlepage"><div><div><h4 class="title"><a id="id2688484"></a>CSS Popups and non-script Dynamic Content</h4></div></div></div><p>
1442
+    </p></div><div class="sect3" title="CSS Popups and non-script Dynamic Content"><div class="titlepage"><div><div><h4 class="title"><a id="id2981042"></a>CSS Popups and non-script Dynamic Content</h4></div></div></div><p>
1426 1443
 
1427 1444
 Even if Javascript is disabled, CSS is still able to 
1428 1445
 <a class="ulink" href="http://www.tjkdesign.com/articles/css%20pop%20ups/" target="_top">create popup-like
... ...
@@ -1447,7 +1464,7 @@ these attacks, playing with them, and reporting what you find (and potentially
1447 1464
 submitting the test cases back to be run in the standard batch of Torbutton
1448 1465
 tests.
1449 1466
 
1450
-   </p><div class="sect3" title="Some suggested vectors to investigate"><div class="titlepage"><div><div><h4 class="title"><a id="id2688539"></a>Some suggested vectors to investigate</h4></div></div></div><p>
1467
+   </p><div class="sect3" title="Some suggested vectors to investigate"><div class="titlepage"><div><div><h4 class="title"><a id="id2981097"></a>Some suggested vectors to investigate</h4></div></div></div><p>
1451 1468
     </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">Strange ways to register Javascript <a class="ulink" href="http://en.wikipedia.org/wiki/DOM_Events" target="_top">events</a> and <a class="ulink" href="http://www.devshed.com/c/a/JavaScript/Using-Timers-in-JavaScript/" target="_top">timeouts</a> should
1452 1469
 be verified to actually be ineffective after Tor has been toggled.</li><li class="listitem">Other ways to cause Javascript to be executed after
1453 1470
 <span class="command"><strong>javascript.enabled</strong></span> has been toggled off.</li><li class="listitem">Odd ways to attempt to load plugins. Kyle Williams has had
1454 1471