Page 1 of 3 123 LastLast
Results 1 to 10 of 26

Thread: Privacy threat due to 2 out-of-the-box bugs in ubuntu 13.10 Unity Tor Browser

  1. #1
    Join Date
    Jan 2014
    Beans
    20

    Privacy threat due to 2 out-of-the-box bugs in ubuntu 13.10 Unity Tor Browser

    Are the ubuntu 13.10 Unity developers aware of these two security bug that shows up when using Tor?
    How do we properly report such anonymitythreats, that only show up on Ubuntu?

    1. The Tor Browser launcher is confusingly mixed up with Firefox.
    2. The Vidalia Control Panal doesn't get its own launcher.

    Both these bugs only show up in Ubuntu as there are no known reports of them occurring on any other operating system.

    The first bug results in inevitable privacy violations (because the Unity desktop doesn't distinguish between the non-secure Firefox and the secure Tor browser).
    The second bug prevents necessary changes to the Vidalia settings (except on the very first invocation of the Tor Browser Bundle at installation time).

    The main workaround is to use another operating system when anonymity is desired.

    A secondary workaround is to modify the *.desktop settings, but that will only partially disengages the (secure) Tor Browser from the (insecure) Firefox browser.
    And, that still doesn't help with the Vidalia control panel problem.

    The problem is that I'm almost certainly not the technical guy to report these two bugs - but - since they clearly exist, someone has to report them.
    How do we know whether the developers are aware of these two bugs?
    Last edited by Damico; January 23rd, 2014 at 05:41 PM.

  2. #2
    Join Date
    Jul 2008
    Location
    The Left Coast of the USA
    Beans
    Hidden!
    Distro
    Kubuntu

    Re: Privacy threat due to 2 out-of-the-box bugs in ubuntu 13.10 Unity Tor Browser

    Verbiage sounds familiar ...

    Here maybe?
    Please read The Forum Rules and The Forum Posting Guidelines

    A thing discovered and kept to oneself must be discovered time and again by others. A thing discovered and shared with others need be discovered only the once.
    This universe is crazy. I'm going back to my own.

  3. #3
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Privacy threat due to 2 out-of-the-box bugs in ubuntu 13.10 Unity Tor Browser

    Quote Originally Posted by Damico View Post
    I'm almost certainly not the technical guy to report these horrid bugs - but - since they haven't been fixed since Ubuntu 13.10 came out, someone has to report them.
    Do we know whether the developers are aware of these two bugs?
    You don't have to have a lot of technical knowledge to report Ubuntu bugs, the developers have made bug reporting fairly easy for everyone, no matter what your skill level. To report a bug against vidalia for example, just press Alt-F2 and type:

    Code:
    apport-bug vidalia
    and follow the prompts. You will have to have a Launchpad account, which you can register quite easily by going to http://launchpad.net, and click the Login or create an account link in the upper right.

  4. #4
    Join Date
    Jan 2014
    Beans
    20

    Re: Privacy threat due to 2 out-of-the-box bugs in ubuntu 13.10 Unity Tor Browser

    Quote Originally Posted by cariboo907 View Post
    You don't have to have a lot of technical knowledge to report Ubuntu bugs
    I appreciate your confidence in me, but, I only know what the bug 'is' and its repercussions. I don't know WHERE the bug lies.
    Is it in the desktop? In Unity? In Ubuntu 13.10 only? In Nautilus? In Tor? In Vidalia?

    Luckily, the bug happens to EVERYONE on Ubuntu (and nobody on any other operating system), so, I can "assume" (although we all know what that means) that it's an Ubuntu problem alone.

    Moving on, and searching on my Windows laptop for tor browser bugs in the suggested location (https://bugs.launchpad.net), I see bugs when I search for "Tor" or for "Vidalia"; but I don't see this bug reported.
    I grepped for both "Tor" and "Vidalia" in the Saucy Salamander Release Known Issues, with similar negative results.

    I can only assume one of three things:
    a) Everyone is too busy with more important things to worry about than privacy issues, or,
    b) I'm the only one on the planet who cares about such privacy issues, or, more likely,
    c) I'm doing the search incorrectly.

    Rather than just assuming my search was bad and giving up, I'll file the bug report from my Windows computer, but, I'm really not the guy to provide technical details to Ubuntu developers.
    I just know usability issues, as they relate to privacy.
    What I know, for sure, is that it doesn't work right on Ubuntu 13.10, such that, any user using the Tor Browser Bundle on Ubuntu 13.10 is taking an additional risk that is not found in all other operating systems for which the tor browser bundle is available.

    EDIT:
    I'm logged into Launchpad, but, at least on Windows (which is all I have right now), pressing Alt+F2 does nothing.
    All I need is a link to file a bug report.

    EDIT:
    OK. That was a royal waste of time. I gave up trying to find the bug reporting button in Launchpad at the suggested URL.

    EDIT:
    Resorting to Google, and typing the obvious: "how to file a bug in ubuntu", this comes up first:
    How to file a bug in Ubuntu (but I don't have flash installed on the Windows work computer I'm at).

    Next on google is bug-reporting etiquette, and How do I report a bug, both of which seem to contain the detailed steps to report the bug (but, that strange Alt+F2 shows up again, which, again, doesn't do anything while logged into Launchpad).

    EDIT: Woo hoo. I finally found a link to file a bug report on Launchpad!

    I filed the bug report:
    Title: Privacy leak ONLY on Ubuntu 13.10/Unity using default official Tor Browser Bundle (including Vidalia)
    Last edited by Damico; January 23rd, 2014 at 07:41 PM.

  5. #5
    Join Date
    Mar 2006
    Location
    Williams Lake
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Privacy threat due to 2 out-of-the-box bugs in ubuntu 13.10 Unity Tor Browser

    Apport-bug only works when running an Ubuntu distribution, I assumed that seeing as you are posting here that you are at least running Ubuntu.

  6. #6
    Join Date
    Jan 2014
    Beans
    20

    Re: Privacy threat due to 2 out-of-the-box bugs in ubuntu 13.10 Unity Tor Browser

    Quote Originally Posted by cariboo907 View Post
    Apport-bug only works when running an Ubuntu distribution, I assumed that seeing as you are posting here that you are at least running Ubuntu.
    I have multiple computers. Not all operating systems at all locations. When I was reporting the bug, I wasn't on ubuntu. Probably 10% of the time I'm on Ubuntu, the rest on Windows.
    Of course, EXACTLY what I thought would happen to the bug, happened.
    A bot appended that I didn't add enough information, even though I painstakingly explained every single bit of information that I knew.
    Here's what the bot said:
    Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.
    To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+b...25/+editstatus and add the package name in the text box next to the word Package.
    So, do any security experts know which PACKAGE to file the bug against?

  7. #7
    Join Date
    Jul 2008
    Location
    The Left Coast of the USA
    Beans
    Hidden!
    Distro
    Kubuntu

    Re: Privacy threat due to 2 out-of-the-box bugs in ubuntu 13.10 Unity Tor Browser

    Did you install the tor Browser Bundle from the Canonical repo?
    Please read The Forum Rules and The Forum Posting Guidelines

    A thing discovered and kept to oneself must be discovered time and again by others. A thing discovered and shared with others need be discovered only the once.
    This universe is crazy. I'm going back to my own.

  8. #8
    Join Date
    Jan 2014
    Beans
    20

    Re: Privacy threat due to 2 out-of-the-box bugs in ubuntu 13.10 Unity Tor Browser

    Quote Originally Posted by QIII View Post
    Did you install the tor Browser Bundle from the Canonical repo?
    Well, that's an interesting question, if only, the answer was assumed to be that it doesn't exist in the Canonical repo.
    Does a Tor Browser Bundle actually EXIST in the Canonical repo?
    (If so, that's new welcome news to me - because it would indicate that Canonical is interested in protecting their user's privacy - and - if so - that's a great step forward for Canonical - but I've never seen it.)
    Note: The Tor Browser Bundle is not just an assemblage of Tor, Privoxy, Firefox, and Vidalia.
    Last edited by Damico; January 25th, 2014 at 09:27 AM.

  9. #9
    Join Date
    Jul 2008
    Location
    The Left Coast of the USA
    Beans
    Hidden!
    Distro
    Kubuntu

    Re: Privacy threat due to 2 out-of-the-box bugs in ubuntu 13.10 Unity Tor Browser

    That is exactly my point. It doesn't exist in the Canonical repos. And I know that the TBB is not just several things assembled. I know exactly what it is and where it comes from.

    Did you install it from a PPA from some place like webupd8.org? Did you install it after getting it from torproject.org?
    Last edited by QIII; January 25th, 2014 at 08:08 AM.
    Please read The Forum Rules and The Forum Posting Guidelines

    A thing discovered and kept to oneself must be discovered time and again by others. A thing discovered and shared with others need be discovered only the once.
    This universe is crazy. I'm going back to my own.

  10. #10
    Join Date
    Jan 2014
    Beans
    20

    Re: Privacy threat due to 2 out-of-the-box bugs in ubuntu 13.10 Unity Tor Browser

    Quote Originally Posted by QIII View Post
    That is exactly my point. It doesn't exist in the Canonical repos. And I know that the TBB is not just several things assembled. I know exactly what it is and where it comes from.

    Did you install it from a PPA from some place like webupd8.org? Did you install it after getting it from torproject.org?
    How it was installed was described in the bug report but I'll repeat here, the installation procedure is simply to untar the package.
    That's it.

    Nothing more than that, is all you should EVER need to "install" the Tor Browser Bundle, since it's DESIGNED to be portable, from the start.

    • So, on Windows, to install it, you simply unpack it and then run it.
    • Likewise, on Apple, you simply unpack it, and run it.
    • It works the same way on Linux (all but Ubuntu).


    Here's the web page with those simple instructions:
    https://www.torproject.org/download/...d-easy.html.en

Page 1 of 3 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •