Page MenuHomePureOS Tracker
Create Task
Maniphest T822

Ensure that the block lists pulled in by uBlock Origin are properly audited and tamper-proof
Open, NormalPublic
Actions

Description

There are reasonable security measures in place to ensure that uBlock Origin itself from PureOS is tamper-proof or at least very hard to tamper with.

But the block lists are pulled in from all over the internet and if an attacker manages to compromise any one of those lists on any one of the third-party servers that host them or while the lists are traveling across the internet, your privacy and possibly your security are as good as gone. I'm not even sure whether those lists are properly audited in the first place.

I'm not a security expert and the description might not be correctly formulated but I think a security expert can still get the idea.

Event Timeline

Squid created this task.Sep 10 2019, 09:11
Squid renamed this task from Ensure that block lists pulled in by uBlock Origin are properly audited and tamper-proof to Ensure that the block lists pulled in by uBlock Origin are properly audited and tamper-proof.Sep 11 2019, 12:04
Squid assigned this task to kyle.rankin.
Squid updated the task description. (Show Details)
jeremiah.foster added a subscriber: jeremiah.foster.Oct 1 2019, 09:47

This might be better addressed upstream, presumably uBlock Origin itself audits the remote lists?

jeremiah.foster triaged this task as Normal priority.Oct 1 2019, 09:47
Squid added a comment.Oct 15 2019, 02:55
In T822#15824, @jeremiah.foster wrote:

This might be better addressed upstream, presumably uBlock Origin itself audits the remote lists?

Only a security expert can establish what needs to be done.