[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?

Subject: Re: [tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 07 Feb 2014 18:54:06 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 07 Feb 2014 13:53:56 -0500
In-reply-to: <049.e964d1a87913ebd0ef85238f2e796a32@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.e964d1a87913ebd0ef85238f2e796a32@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#10419: Can requests to 127.0.0.1 be used to fingerprint the browser?
-------------------------------------+-------------------------------------
     Reporter:  mikeperry            |      Owner:  mikeperry
         Type:  task                 |     Status:  needs_review
     Priority:  major                |  Milestone:
    Component:  Firefox Patch        |    Version:
  Issues                             |   Keywords:  tbb-fingerprinting,
   Resolution:                       |  tbb-pref, MikePerry201401R
Actual Points:                       |  Parent ID:
       Points:                       |
-------------------------------------+-------------------------------------

Comment (by cypherpunks):

 1. This fix can't to prevent fingerprinting for environment where
 Torbrowser used without proxy, like Transparent proxy or something.
 2. Tor is not nanny to control what does Torbrowser and it depends
 ClientRejectInternalAddresses option, yet it loudly yells to user because
 it's bug to surf localhost over Tor.

 If you want to deny localhost connection attempts then find way to deny it
 actually without reinventing any security holes.

 It especially fun with fix for #10682.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10419#comment:32>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #10833 [Firefox Patch Issues]: Screen resolution should not be identical to window size
Next by Author: Re: [tor-bugs] #10418 [Tor Launcher]: Make a "Use Default Bridges" Radio button in the Tor Launcher Bridge UI
Previous by thread: Re: [tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
Next by thread: Re: [tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
Index(es):
- Author
- Thread