[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #19229 [Applications/Tor Browser]: Canary monitoring



#19229: Canary monitoring
------------------------------------------+----------------------
     Reporter:  cypherpunks               |      Owner:  tbb-team
         Type:  project                   |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 Some websites put canaries into their Privacy Policy as a legal way to
 inform the users about gag orders. It is fine to have a browser extension
 checking for canaries and warn users if canary disappear.

 If an extension discovers a valid canary, it caches the site as canaried.
 If a canary changes or disappears it informs the user. A DB of known
 canaries can be available as a subscription (like adblock one).

 First it tries to discover a canary in the page. If it doesn't, it looks
 for meta or a element referring to ToS and privacy policy and looks for
 canaries there.

 To discover a canary an extension searches in meta tags for it. If it
 finds a meta element with content having a canary it means it has a
 canary. This canary has the following format <meta name="any string"
 content="Any standardized canary message|valid date|b64 encoded EdDSA
 public key|b64 encoded EdDSA signature of PKCS7 padded everything before
 it"/>. The implementation must check the signature and pin public key.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19229>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs