[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?



#10419: Can requests to 127.0.0.1 be used to fingerprint the browser?
--------------------------------------+--------------------------------
     Reporter:  mikeperry             |      Owner:  mikeperry
         Type:  task                  |     Status:  new
     Priority:  major                 |  Milestone:
    Component:  Firefox Patch Issues  |    Version:
   Resolution:                        |   Keywords:  tbb-fingerprinting
Actual Points:                        |  Parent ID:
       Points:                        |
--------------------------------------+--------------------------------

Comment (by oc):

 If I understand correctly, this ticket is about evaluating localhost
 fingerprinting risks, which is all good. #10686 was about considering
 ''any'' clear-text request to localhost a breach to TBB's proxy obedience
 requirement (disregarding whether good fingerprinting can be achieved or
 not). The difference becomes obvious when one considers CUPS, or any other
 HTTP service may run on TBB's host.

 Max Jacob Maass has put up a test page:
 * http://62.141.42.149/test.php
 * http://ehlznccisf5mnhw2.onion/test.php

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10419#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs