Re: [tor-bugs] #33003 [Applications/Tor Browser]: Tor browser / Firefox telemetry data

2020-02-05 Thread Tor Bug Tracker & Wiki
#33003: Tor browser / Firefox telemetry data
--+---
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeamTriaged |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by cypherpunks):

 Yeah ungoogled-chromium is faster than fatfox. Devs should try it out.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33003 [Applications/Tor Browser]: Tor browser / Firefox telemetry data

2020-02-05 Thread Tor Bug Tracker & Wiki
#33003: Tor browser / Firefox telemetry data
--+---
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeamTriaged |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by cypherpunks):

 https://it.slashdot.org/story/20/02/03/2012236/firefox-now-shows-what-
 telemetry-data-its-collecting-about-you

 I am pretty sure this is all anti-GDPR.

 The Tor team should definitely consider switching to ungoogled-chromium.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33003 [Applications/Tor Browser]: Tor browser / Firefox telemetry data

2020-01-23 Thread Tor Bug Tracker & Wiki
#33003: Tor browser / Firefox telemetry data
--+---
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeamTriaged |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---

Comment (by cypherpunks):

 > Their existence is not a bug


 Still that same existence is an open door to anti-privacy. Suppose a case
 when the user plays with `about:config` or other preferences and
 inadvertently enables an anti-privacy feature such as telemetry or
 anything else which exists in Firefox. If the URLs had been removed he
 would not be able to de-anonymize the browser. IOW not having those URLs
 can be seen as a precaution.


 > if they are used in unexpected ways, then that may be a bug.


 As I mentioned initially, my personal expectation from a privacy
 respecting browser is 0 (zero) background connections, i.e. ones not
 initiated by me explicitly or through a setting which I explicitly set-up.
 This means: out of the box there should be no connections other than those
 related to typed URLs. I suppose HTTPS-E must be considered along these
 lines too as it has some mechanism for remote updates. All that should be
 an opt-in on first run.


 > This happens occasionally, but are you reporting this is happening now?


 I don't know how to tcpdump the connections which Tor Browser makes as I
 don't know how to tcpdump anything that passes through Tor. If you explain
 how to do this I can try.


 > Can you provide steps for reproducing it?


 I found this which seem related to all those background connections (in
 Firefox):

 https://bugzilla.mozilla.org/show_bug.cgi?id=1432248

 Note how Mozilla (that "privacy respecting" and "non-profit" organization)
 closed this as WONTFIX and linked it to another bug report which was also
 closed as WONTFIX. To date these automatic connections in Firefox persist
 and their documentation about how to disable them is still not complete.
 Mozilla Firefox's privacy policy is an anti-privacy policy. Just read:

 https://www.mozilla.org/en-US/privacy/firefox/

 By default they *share* a lot. But private means not shared, i.e. the
 opposite.

 In contrast ungoogled-chromium makes zero background connections out of
 the box (tested). Perhaps it is a better alternative for being a new basis
 for Tor Browser because it can already be configured to work through Tor
 proxy, so all it needs is some fine tuning about reducing the fingerprint.
 What do you say? (I realize this is not a bug report but a wider
 discussion. Please advise where it is appropriate to talk about that if
 you think it is worthwhile)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33003 [Applications/Tor Browser]: Tor browser / Firefox telemetry data

2020-01-20 Thread Tor Bug Tracker & Wiki
#33003: Tor browser / Firefox telemetry data
--+---
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  TorBrowserTeamTriaged |  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by sysrqb):

 * keywords:   => TorBrowserTeamTriaged
 * priority:  High => Medium
 * severity:  Major => Normal


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33003 [Applications/Tor Browser]: Tor browser / Firefox telemetry data

2020-01-20 Thread Tor Bug Tracker & Wiki
#33003: Tor browser / Firefox telemetry data
--+---
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  needs_information
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
Changes (by sysrqb):

 * status:  new => needs_information


Comment:

 I don't understand the bug. Tor Browser has some preferences with URLs as
 their value and some of them contain "mozilla" or "google" or "org" (?).
 Their existence is not a bug, if they are used in unexpected ways, then
 that may be a bug. This happens occasionally, but are you reporting this
 is happening now? Can you provide steps for reproducing it?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #33003 [Applications/Tor Browser]: Tor browser / Firefox telemetry data

2020-01-20 Thread Tor Bug Tracker & Wiki
#33003: Tor browser / Firefox telemetry data
--+--
 Reporter:  cypherpunks   |  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Major | Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--
Changes (by nickm):

 * owner:  (none) => tbb-team
 * component:  - Select a component => Applications/Tor Browser


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs