On 2015-08-20 21:27, Cain Ungothep wrote:
Anybody care to make a peer-reviewed guide of how to check the
>extensions for leaks, cheats and other dirty tricks?
I would say use the source, Lara.
It's problematic, of course, since it requires an expert not only on
programming, networking, privacy and security but also on Mozilla's
extension architecture. But really, I don't think there's any other
way.
I doubt there are many people who are truly competent to check the
source. You don't just need a programmer who checks to make sure the
code does what they expect, but also that there aren't any corner cases
where something does leak, just a little.
To be secure, one must also check the entirety of the Firefox source,
since Firefox could easily have some behaviour which intentionally leaks
when Tor is active (and possibly only when other conditions are met, to
reduce the odds of anyone who isn't a target from observing any
unexpected behaviour)
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
