From 985e8543a3586492b25311cd0573d51678f039c7 Mon Sep 17 00:00:00 2001 From: Steven Murdoch Date: Wed, 19 Mar 2008 10:49:33 +0000 Subject: Added Automatic Firefox Notification extension to the verify-tor-usage proposal (thanks Mike Perry) svn:r14128 --- proposals/131-verify-tor-usage.txt | 35 ++++++++++++++++++++++++++++++++--- 1 file changed, 32 insertions(+), 3 deletions(-) (limited to 'proposals/131-verify-tor-usage.txt') diff --git a/proposals/131-verify-tor-usage.txt b/proposals/131-verify-tor-usage.txt index 0620928..bbc0b36 100644 --- a/proposals/131-verify-tor-usage.txt +++ b/proposals/131-verify-tor-usage.txt @@ -68,7 +68,7 @@ Extensions: configuration could include the following HTML:

Connection chain

@@ -78,8 +78,8 @@ Extensions: browser:

Connection chain @@ -92,6 +92,35 @@ Extensions: loaded then the user will know that external connectivity through Tor works. + Automatic Firefox Notification: + + All forms of the website should return valid XHTML and have a + hidden link with an id attribute "TorCheckResult" and a target + property that can be queried to determine the result. For example, + a hidden link would convey success like this: + + + + failure like this: + + + + and DNS leaks like this: + + + + Firefox extensions such as Torbutton would then be able to + issue an XMLHttpRequest for the page and query the result + with resultXML.getElementById("TorCheckResult").target + to automatically report the Tor status to the user when + they first attempt to enable Tor activity, or whenever + they request a check from the extension preferences window. + + If the check website is to be themed with heavy graphics and/or + extensive documentation, the check result itself should be + contained in a seperate lightweight iframe that extensions can + request via an alternate url. + Security and resiliency implications: What attacks are possible? -- cgit v1.2.3-54-g00ecf