[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?

Subject: Re: [tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 22 Jan 2014 09:18:06 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 22 Jan 2014 04:18:00 -0500
In-reply-to: <049.e964d1a87913ebd0ef85238f2e796a32@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.e964d1a87913ebd0ef85238f2e796a32@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#10419: Can requests to 127.0.0.1 be used to fingerprint the browser?
--------------------------------------+--------------------------------
     Reporter:  mikeperry             |      Owner:  mikeperry
         Type:  task                  |     Status:  new
     Priority:  major                 |  Milestone:
    Component:  Firefox Patch Issues  |    Version:
   Resolution:                        |   Keywords:  tbb-fingerprinting
Actual Points:                        |  Parent ID:
       Points:                        |
--------------------------------------+--------------------------------

Comment (by gk):

 Replying to [comment:5 oc]:
 > If I understand correctly, this ticket is about evaluating localhost
 fingerprinting risks, which is all good. #10686 was about considering
 ''any'' clear-text request to localhost a breach to TBB's proxy obedience
 requirement

 Where is the breach, exactly? The design document says:
 {{{
 The browser MUST NOT bypass Tor proxy settings for any content.
 }}}
 And including "127.0.0.1" into "content" does not make any sense here as
 this would imply that TBB users could never access 127.0.0.1 themselves (I
 don't see how you can proxy 127.0.0.1 if your proxy is listening at
 127.0.0.1 as well).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10419#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #10549 [Website]: torbrowser in the apple app store is fake
Next by Author: Re: [tor-bugs] #9187 [Metrics Website]: Make 'number of obfsbridges' metrics graphs
Previous by thread: Re: [tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
Next by thread: Re: [tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
Index(es):
- Author
- Thread