
Re: [tor-bugs] #3600 [TorBrowserButton]: Prevent redirects from transmitting+storing cookies+identifiers



#3600: Prevent redirects from transmitting+storing cookies+identifiers
------------------------------+---------------------------------------------
 Reporter:  mikeperry         |          Owner:  mikeperry                    
     Type:  defect            |         Status:  new                          
 Priority:  major             |      Milestone:  TorBrowserBundle 2.3.x-stable
Component:  TorBrowserButton  |        Version:                               
 Keywords:  tbb-linkability   |         Parent:                               
   Points:                    |   Actualpoints:                               
------------------------------+---------------------------------------------

Comment(by mikeperry):

 Another datapoint: Google adwords will in some cases transparently
 redirect you through www.google.com as a first party with a huge bunch of
 mystery data encoded in the GET url path. It's not a regular behavior for
 all ads, but my guess would be that it is done through a window.location-
 style JS redirect during ad click, since my browser status bar did not
 display a www.google.com destination url prior to click.

 I'm not sure if this example helps settle the "prompt or defang?" dilemma
 for these types of redirects. That probably depends on common federated
 login mechanisms and viable alternatives, which in and of itself probably
 means "deploy the prompt first, and see what gets interrupted by it".

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3600#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online