> Turns out an unrelated 3rd party can suddenly remotely disable Tor anonymity protections at their whim<p>Am I the only one annoyed by people pushing this "they flicked a switch" narrative? No. They provided shitty software that didn't work under certain conditions (in this case date related) and thus broke your shitty software.<p>A third party having remote control capability is something entirely different.
Somewhat related to this ongoing Mozilla plugin saga, are there any infamous stories I should look up that involve huge mistakes leading to unfixable clients? Ie. Imagine bricking your customer's devices with an irreversible buggy update. In Mozilla's case they were able to deploy a hotfix for many, and an update for others. But I imagine there's got to be some great stories about completely bricking countless devices.
If Mozilla hadn't locked down Firefox so much, the fix could have been as simple as going into about:config and flipping a switch to allow unsigned plugins.
> Turns out
an unrelated 3rd party can suddenly remotely disable Tor anonymity protections
at their whim, and possibly endanger TBB users (or deliberately help in
deanonymizing them).<p>> remotely disable Tor anonymity protections [!]<p>Maybe a 'certificate is expiring soon' warning on the browser side?<p>Users would know and Mozilla would be forced to keep certs valid.
One of the weird things here is that javascript is not disabled by default in the Tor Browser and instead an addon is needed.<p>This whole thing is also yet another reason to use something like Tails or Whonix which are much safer to use with JS enabled.
I remember saying over and over again that using Firefox for the TOR browser was a horrible idea.<p>Use curl -H "" and links --dump. Until we have something sane that's really the only safe way to browse TOR if you actually have something to hide.<p>(There's dillo and other things like the absolutely horrifying browser I've been writing but that hardly even supports forms right now heh. but I'm worried about connecting stuff like that to stuff like TOR)
Every single one of my Firefox extensions stopped working with an error message that says "could not be verified for use in Firefox and has been disabled" re-downloading doesn't work either. I'm assuming it's happening to everyone?
I can't improve upon this comment:<p>"Hey Mozilla - this is why people said that forcing addons to be signed with no way to disable was a bad idea. You didn't even make it a year without screwing it up.<p>Who could have seen this coming? Oh wait, pretty much everyone who argued against this policy."