[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?

Subject: [tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 17 Dec 2013 01:38:30 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 16 Dec 2013 20:38:35 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#10419: Can requests to 127.0.0.1 be used to fingerprint the browser?
----------------------------------+---------------------------
 Reporter:  mikeperry             |          Owner:  mikeperry
     Type:  task                  |         Status:  new
 Priority:  major                 |      Milestone:
Component:  Firefox Patch Issues  |        Version:
 Keywords:  tbb-fingerprinting    |  Actual Points:
Parent ID:                        |         Points:
----------------------------------+---------------------------
 If a site makes connection attempts or element loads sourced for
 127.0.0.1, can it build a list of open local TCP ports for fingerprinting
 purposes? Open ports may yield different error conditions than closed
 ports for certain request types and elements..

 There may be other vectors to to this through DNS rebinding too, but I
 believe in those cases the hostname should always be provided to the SOCKS
 port, and such connections will happen to the exit, which should block
 them.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10419>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #10309 [TorBirdy]: TorBirdy - IMAP issue
Next by Author: Re: [tor-bugs] #9761 [Ooni]: unsupported OS: Ubuntu 13.04
Previous by thread: Re: [tor-bugs] #10418 [Tor Launcher]: Make a "Use Default Bridges" Radio button in the Tor Launcher Bridge UI
Next by thread: Re: [tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
Index(es):
- Author
- Thread