[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #16926 [Tor Browser]: Multiple OS: Tor Browser leaks domains to system DNS management.



#16926: Multiple OS: Tor Browser leaks domains to system DNS management.
-------------------------------+------------------------------
     Reporter:  DrMikeTwiddle  |      Owner:  tbb-team
         Type:  defect         |     Status:  new
     Priority:  critical       |  Milestone:
    Component:  Tor Browser    |    Version:  Tor: unspecified
   Resolution:                 |   Keywords:
Actual Points:                 |  Parent ID:
       Points:                 |
-------------------------------+------------------------------

Comment (by teor):

 Have you ever bookmarked tor-only-visited-site.com in another browser?
 Safari on OS X will lookup favicons by making a connection to every site
 in its bookmarks, even if you never visit the site using Safari.

 Some browsers and even other tools (ClipMenu, a clipboard manager) appear
 to connect to the Google Safe Browsing servers. But that shouldn't cause a
 DNS lookup, unless the app in question submits IP addresses rather than
 DNS names. (And it's possible to implement Safe Browsing using a local
 database of URL hashes, rather than a plaintext URL lookup.)
 https://developers.google.com/safe-browsing/

 I wonder if the Finder does either of these things for Finder URL
 bookmarks?
 I wonder if the Dock does them, if you drag an OS X Finder URL bookmark
 into the Dock?

 It may be worth writing up a list of every location on your Mac that
 you've ever used (bookmarked, pasted, typed) tor-only-visited-site.com.
 That would at least help you eliminate possible leak vectors.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16926#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs