Brave-browser: Add a way to disable Tor via admin policy

Created on 29 Jun 2018  路  18Comments  路  Source: brave/brave-browser

Test plan

  1. Fresh install of Brave (clean profile)
  2. Open regedit
  3. For 64 bit, create the following keys:
    BraveSoftware\Brave
    under the existing key:
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\
    (for 32 bit, you can edit HKEY_LOCAL_MACHINE\SOFTWARE\Policies\)
  4. Create a DWORD value at this path called TorDisabled and set the value as 1
  5. Launch Brave
  6. Verify Managed by your organization shows as the last item under the hamburger menu
  7. If you click Managed by your organization, it should take you to brave://management
  8. Verify no Tor options are shown in the UI
  9. Exit Brave
  10. Open the profile directory (%USERPROFILE%\AppData\Local\BraveSoftware\Brave-Browser\User Data)and look for the Tor executable (usually under a path like cpoalefficncklhjfpglfiplenlpccdb\1.0.6). It should NOT be there.

Original issue description

https://twitter.com/dlepi/status/1012732537196765189

Via a method like these work:
https://www.chromium.org/administrators/policy-list-3

OWindows QA Pass-Win64 QTest-Plan-Specified QYes featurtor prioritP3 release-noteinclude
Source
picture bbondy
👍8

Most helpful comment

@notoriousturtle starting Monday, @simonhong will be looking at a group policy to completely disable Tor. Please stay tuned

picture bsclifton on 15 Sep 2019
🎉2

All 18 comments

I had to have my team uninstall this browser from our company's computers because of TOR.

billrob picture billrob on 5 Jul 2018
😕2

Thanks for letting us know @billrob. Note that it won't run without opt-in, but I know we need a way to completely disable it from even being installed, this will cover it.

bbondy picture bbondy on 9 Sep 2018

@bbondy Security folks are at it again at my employer. Since it has the option to private browse with TOR, they won't have any of it. Boo.

billrob picture billrob on 19 Oct 2018

I have this issue too, our School doesn't allow the use of VPN, proxys or Tor on our computers. Since it is opt in we can still use the browser if we want, but the use of Tor would be conflicting with their policy. Being able to completely remove it would be a great thing!

Jacalz picture Jacalz on 21 Nov 2018

+1

Thymester picture Thymester on 12 Sep 2019
👍1

@BrendanEich

You鈥檙e losing users because your team is failing to provide an option to disable Tor. Tor is a serious security concern.

notoriousturtle picture notoriousturtle on 15 Sep 2019
👍1

@notoriousturtle starting Monday, @simonhong will be looking at a group policy to completely disable Tor. Please stay tuned

bsclifton picture bsclifton on 15 Sep 2019
🎉2

@darkdh Can we turn on/off tor feature at runtime?
If not, I think we need that switch to control tor by admin policy.

simonhong picture simonhong on 16 Sep 2019
👍1

Awesome, appreciated! @bsclifton @simonhong

notoriousturtle picture notoriousturtle on 16 Sep 2019

@simonhong we can't do that at runtime. You can grep ENABLE_TOR build flag and you can see why

darkdh picture darkdh on 16 Sep 2019

Quick heads up for folks following this: we've got it solved 馃槃 (thanks @simonhong and reviewers that helped)

Basically, there is a group policy value you can create TorDisabled which would go under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave and is set to false

We're shooting to have this in version 0.72.x (which is currently on Beta)

bsclifton picture bsclifton on 6 Nov 2019

It seems that this PR is Windows only. Adding OS/Windows flag.

btlechowski picture btlechowski on 3 Dec 2019

There's a selection of macOS fleet-management software which uses Group Policy. But I admit that it'd be hard to test that here.

tomlowenthal picture tomlowenthal on 4 Dec 2019

@tomlowenthal are you talking about something like Jamf? The device management software should not be relevant. How can this be configured on the macOS version?

notoriousturtle picture notoriousturtle on 5 Dec 2019

@notoriousturtle Yes, that sort of thing. The management software is unfortunately relevant because as far as I know macOS doesn't have a uniform way to expose config info to applications like Windows does.

tomlowenthal picture tomlowenthal on 5 Dec 2019

@tomlowenthal jamf has to do it somehow right? How can a normal enduser disable the Tor feature?

notoriousturtle picture notoriousturtle on 5 Dec 2019

@notoriousturtle there's a separate settings switch for that which we just implemented in brave/brave-core#4046 .

tomlowenthal picture tomlowenthal on 5 Dec 2019

Verification passed on

Brave | 1.3.101 Chromium: 79.0.3945.130聽(Official Build)聽beta聽(64-bit)
-- | --
Revision | e22de67c28798d98833a7137c0e22876237fc40a-refs/branch-heads/3945@{#1047}
OS | Windows聽10 OS Version 1909

Brave | 1.3.101 Chromium: 79.0.3945.130聽(Official Build)聽beta聽(64-bit)
-- | --
Revision | e22de67c28798d98833a7137c0e22876237fc40a-refs/branch-heads/3945@{#1047}
OS | Windows聽7 Service Pack 1 (Build 7601.24544)

Verified the test plan from the description.

Verified Managed by your organization is shown in the hamburger menu

image

Verified that Managed by your organization, opens brave://management
brave://management is empty. Logged https://github.com/brave/brave-browser/issues/7920

Verified that Tor links are not shown in hamburger menu.
Verified that Alt+Shift+n does not open Tor Window
A reference to Tor can be seen in Private Window. Logged https://github.com/brave/brave-browser/issues/7921

Verified that tor component is not present in User profile

Verified Tor component is not listed in brave://components/

btlechowski picture btlechowski on 27 Jan 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

lansana picture lansana  路  3Comments
bbondy picture bbondy  路  3Comments
qingxiang-jia picture qingxiang-jia  路  3Comments
kjozwiak picture kjozwiak  路  3Comments
kjozwiak picture kjozwiak  路  3Comments