[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3600 [Tor Browser]: Prevent redirects from transmitting+storing cookies+identifiers

Subject: Re: [tor-bugs] #3600 [Tor Browser]: Prevent redirects from transmitting+storing cookies+identifiers
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 04 Apr 2016 00:21:55 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 03 Apr 2016 20:22:05 -0400
In-reply-to: <049.47ad3b1289a90313ca28de81a49dd69d@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.47ad3b1289a90313ca28de81a49dd69d@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#3600: Prevent redirects from transmitting+storing cookies+identifiers
-------------------------------------+-------------------------------------
 Reporter:  mikeperry                |          Owner:  tbb-team
     Type:  defect                   |         Status:  new
 Priority:  High                     |      Milestone:  TorBrowserBundle
Component:  Tor Browser              |  2.3.x-stable
 Severity:  Major                    |        Version:
 Keywords:  tbb-linkability, tbb-    |     Resolution:
  testcase, tbb-torbutton            |  Actual Points:
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+-------------------------------------

Comment (by cypherpunks):

 Replying to [comment:28 mikeperry]:
 > If the user clicks "Proceed with tracking", then cookies, cache, etc
 would be preserved. If the user clicks "Proceed without tracking", then we
 clear all state and identifiers stored for destination.com before loading
 the redirect request. (We would strip any subdomains from both domain.com
 and destination.com in the message dialog, both because this would be less
 confusing and also because our isolation applies to top-level domains).
 Would the state also be cleared after the redirect happened? Or would it
 stay in place but keyed on the originator of the redirection?

 Replying to [comment:29 arma]:
 > People are already driven nuts by the canvas thing.
 Oh come on arma! "People" are also not at all bothered by the canvas
 thing, and "people" would very much like to have more control about
 attempts to track and correlate them. Yes privacy/security and convenience
 are opposite ends of the scale, what's new? "People" can already use any
 number of other browsers if they want convenience.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3600#comment:30>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #18716 [Tor]: MEMAREA_ALIGN_MASK is wrong for MSVC on x64
Next by Author: Re: [tor-bugs] #18629 [Tor Browser]: archive.tp.o needs a shepherd or it will go away
Previous by thread: Re: [tor-bugs] #3600 [Tor Browser]: Prevent redirects from transmitting+storing cookies+identifiers
Next by thread: Re: [tor-bugs] #3600 [Tor Browser]: Prevent redirects from transmitting+storing cookies+identifiers
Index(es):
- Author
- Thread