[pabs3]

There are some ways to mitigate some of the threats that you mention. Using Qubes or Whonix could prevent network access to other programs. The unencrypted requests can be blocked by turning on the EASE option in the HTTPS-Everywhere preferences. Tor doesn't have any way to protect against global adversaries performing timing analysis or attacks though.

[als0]

Yeah I'm surprised HTTPSEverywhere with EASE isn't a part of the Tor browser. Maybe a contributor on here can comment?

[0xggus]

https://gitlab.torproject.org/tpo/applications/tor-browser/-...

https://bugzilla.mozilla.org/buglist.cgi?classification=Clie...

[hasseweyl]

It is though. Add HTTPSEverywhere to the toolbar using customize, and you will get the option to enable "Encrypt All Sites Eligible". Working as of Tor Browser 10.0 (ESR 78.3)

Version: 2020.8.13 Rulesets version for EFF (Full): 2020.9.14 Rulesets version for SecureDropTorOnion: 2020.7.30