iislucas edited this page Apr 23, 2015 · 6 revisions

How to (not) trust uProxy

We would like to minimize the amount of trust you need to place in the uProxy team when using uProxy. Our work in this direction is ongoing. This document exists to explain what we are doing now and the tactics we are using to reduce the trust you need to place in us.

Tactics

  1. Code Audits. We received an initial code design audit from Cure53 in the fall of 2014, and plan to continue receiving code audits in the future. The Firefox build also undergoes an independent code review process from Mozilla when updates are pushed.

  2. Principle of Least Privilege. The bulk of uProxy code runs in web workers, which do not have access to privileged browser-extension APIs. This helps reduce the trusted code base to the freedom.js library. We will continue testing and hardening that library with a focus on code containment.

  3. Extendable Social Networks. We have built uProxy so that you can use social network providers written by third parties. Some examples of social providers you can host yourself, without trusting us, are social-xmpp, social-IRC, and social-email. We expect to continue improving our user interface to make it easier to use these alternative networks.

How to use uProxy while minimizing the need to trust others

  1. Do not enable metric data collection or report feedback. These options cause requests to be made from your machine to servers run by the uProxy team. Including logs in reported feedback, in particular, will send some personally identifiable information, like your IP address, to us.

  2. Do not log into the Facebook or Google networks. These networks make it possible for adversarial "friends" and the company that runs the social network to detect that you're using uProxy. The Facebook provider implements presence notifications through Firebase, so using Facebook may also leak information about your uProxy usage to Google, which owns Firebase. Instead, you can use the one-off "copy-paste" initiation, which allows you to pass invitations over an out-of-band secure channel of your choice. The tactics above describe how we hope to improve the experience for custom initiation in the future.
