iceweasel addon - FoxyProxy
While FoxyProxy is a nice idea in theory, in practice it is impossible to configure securely for Tor usage without Torbutton. Like all vanilla third party proxy plugins, the main risks are plugin leakage and history disclosure, followed closely by cookie theft by exit nodes and tracking by adservers (see the Torbutton Adversary Model for more information). However, with Torbutton installed in tandem and always enabled, it is possible to configure FoxyProxy securely (though it is tricky). Since FoxyProxy's 'Patterns' mode only applies to specific urls, and not to an entire tab, setting FoxyProxy to only send specific sites through Tor will still allow adservers (whose hosts don't match your filters) to learn your real IP. Worse, when sites use offsite logging services such as Google Analytics, you will still end up in their logs with your real IP. Malicious exit nodes can also cooperate with sites to inject images into pages that bypass your filters. Setting FoxyProxy to only send certain URLs via Non-Tor is much more secure in this regard, but be very careful with the filters you allow. For example, something as simple as allowing google to go via Non-Tor will still cause you to end up in all the logs of all websites that use Google Analytics! See this question on the FoxyProxy FAQ for more information.
We want to use FoxyProxy to handle I2P integration and maybe "FTP support":./FTP_in_Iceweasel.html in Iceweasel. Our filters are just used to make the correct proxy being used for a given url, so the "critique" in the Torbutton FAQ doesn't really apply w.r.t. security. Our main concern is that the experience will be seamless for the user, i.e. that:
- I2P eepsites (i.e. .i2p tld sites) are proxied through I2P.
- the rest is proxied through Tor.
See "audit FoxyProxy configuration":./audit_FoxyProxy_configuration.html.