Author: anonym
Date:
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Tails 0.14 vs. iceweasel 10.0.9esr-1

18/10/12 11:01, intrigeri wrote:
> intrigeri wrote (16 Oct 2012 08:56:18 GMT) :
>> closely following 10.0.8esr-1 (uploaded on the 9th), iceweasel
>> 10.0.9esr-1 was uploaded on the 13th [...] => could be backported
>> right now.
>
> And indeed it was.
>
>> However, it badly breaks torbutton:
>
> NEWS.Debian for torbutton (1.4.6.3-1) reads:
>
> Security fixes introduced in Iceweasel 10.0.8esr prevents Torbutton
> from hooking window properties. This means that using this package
> is no longer substantially different from disabling websockets,
> disabling plugins, and using Private Browsing Mode to prevent
> disk leaks.
>
> Due to the very strong risk of fingerprinting and the resulting
> reduction of the anonymity set, it is more than strongly advised to
> uninstall this package and use the TorBrowserBundle instead. [...]
>
> I guess this raises the priority for replacing iceweasel with
> Torbrowser and its dependencies (lizard setup, APT repo).
>
> What do we do for 0.14?

I suppose our (realistic) options boil down to:

1. Ship an old Iceweasel esr with good Torbutton.
2. Ship a new Iceweasel esr with bad Torbutton.

How do we value "susceptibility to general browser exploits" vs.
"susceptibility to Tor-specific anonymity attacks"? I think I'm more in
favour of option 1, but I feel far from confident with this choice.

How realistic is the following option?

3. Ship new Iceweasel esr + relevant TorBrowser patches that we build
   ourselves and host on some temporary APT repo so Torbutton becomes
   good?