[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?

Subject: Re: [tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 22 Jan 2014 16:09:59 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 22 Jan 2014 11:11:23 -0500
In-reply-to: <049.e964d1a87913ebd0ef85238f2e796a32@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.e964d1a87913ebd0ef85238f2e796a32@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#10419: Can requests to 127.0.0.1 be used to fingerprint the browser?
--------------------------------------+--------------------------------
     Reporter:  mikeperry             |      Owner:  mikeperry
         Type:  task                  |     Status:  new
     Priority:  major                 |  Milestone:
    Component:  Firefox Patch Issues  |    Version:
   Resolution:                        |   Keywords:  tbb-fingerprinting
Actual Points:                        |  Parent ID:
       Points:                        |
--------------------------------------+--------------------------------

Comment (by cypherpunks):

 (cypherpunks2)

 Replying to [comment:9 gk]:
 > And including "127.0.0.1" into "content" does not make any sense here as
 this would imply that TBB users could never access 127.0.0.1 themselves (I
 don't see how you can proxy 127.0.0.1 if your proxy is listening at
 127.0.0.1 as well).

 So seperate from the fingerprinting issue, It would at least go against
 the spirit of that requirement if a website accessed through Tor Browser
 can tunnel a clearnet request through a commonly installed server running
 on 127.0.0.1, no?

 So originally it was less a case of "proxying 127.0.0.1" than "denying
 unneccessary connections to 127.0.0.1", but it turns out NoScript ABE is
 superior in that it removes less functionality.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10419#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #10640 [TorBrowserButton]: Fix about:tor's pointer position for RTL languages
Next by Author: Re: [tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
Previous by thread: Re: [tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
Next by thread: Re: [tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
Index(es):
- Author
- Thread