Hi dear Fedora officials! In my previous post here I described Fedora as one of the most secure distros - see:
https://discussion.fedoraproject.org/t/open-thankfull-message-for-fedora-project-developers-team-packagers-with-suggestions/7664/4
However, there is something very, very bad that breaks my previous opinion - I wish I were wrong! See this bug that I have already opened:
https://bugzilla.redhat.com/show_bug.cgi?id=1842171
Its date of posting is 30/5/2020.
I was surprised that the defective add-on is still maintained after all this time…
Today, I received a new post informing me that the GNU foundation has already removed the defective add-on from IceCat - see the last comment in the bug above - below is a copy/paste of it:
Oyvind Saether 2020-09-08 22:52:15 UTC
The Onion Browser Button extension from 2010 has been removed upstream because it is wildly insecure, it doesn’t do what it is supposed to do and it tells you that you’re connected to Tor when you’re not.
Fedora should remove it from the IceCat build it ships ASAP, see
Moreover, I was shocked by what I read in the link given by the poster - see the following link:
It talks badly about our distro (Fedora) and puts a question mark over its security practice!! Below I will copy/paste the talk:
GNU IceCat used to bundle an additional extension called “Onion Browser Button” which claimed to allow you to “Easily browse the internet using TOR proxy with just one click!”. It didn’t, it would claim to enable Tor and do absolutely nothing beyond claiming Tor was enabled.
The bundled “Onion Browser Button” extension, last updated in 2010, was finally removed from the GNU IceCat git repository in June 2020 after it had been included in a broken state for half a decade. Several GNU/Linux distributions, including Fedora 32 and 33, still ship this totally useless and outright dangerous extension with their GNU IceCat builds. That is a total scandal. The reason it is such a scandal is that the long-broken “Onion Browser Button” extension will tell end-users that they are using the Tor network to anonymously connect to the website they visit when they are, in fact, not.
We can only hope that distributions get a clue and eradicate the long-broken useless “Onion Browser Button” extension from their builds. The Fedora GNU IceCat maintainer appears to have problems getting a clue if IBM/RedHat bug #1842171 is any indication, he seems to think that a GUI telling users they are using Tor when they aren’t isn’t a gigantic security issue. That indicates that one may want to ask some hard questions about Fedora’s security practices.
Please act urgently… The most important thing is that you should investigate whether the Fedora maintainer of GNU IceCat maintains this security risk INTENTIONALLY or not??
Thank you for your attention!