[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #23349 [Applications/Tor Browser]: Disable navigator.send_beacon().

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #23349 [Applications/Tor Browser]: Disable navigator.send_beacon().
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 29 Aug 2017 09:25:12 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 29 Aug 2017 05:25:21 -0400
In-reply-to: <047.4e3912276984d7752a84ea3779142cc4@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.4e3912276984d7752a84ea3779142cc4@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#23349: Disable navigator.send_beacon().
--------------------------------------+-----------------------------------
 Reporter:  yawning                   |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_information
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+-----------------------------------

Comment (by yawning):

 Replying to [comment:1 gk]:
 > What is so special about `sendBeacon` that we should treat it
 differently than the more cumbersome it means to replace (see the MDN page
 you linked to and https://w3c.github.io/beacon/, especially the Privacy
 and Security section? Or, asked differently, why should we allow all the
 other awful techniques but not `sendBeacon`.

 In an ideal world, we shouldn't allow any of those other awful things
 either.

 > Could you elaborate on the "runs counter to 'Transpaency in Navigation
 Tracking'" claim? What does `sendBeacon` add that is not entailed in the
 usual third party (data aggregation) requests?

 "Report session data when the page transitions to background state or is
 being unloaded, without blocking the user agent." is anything but
 transparent.  Philosophically, an API call that was introduced primarily
 to facilitate anti-privacy practices is horrific and evil.

 I guess a better time to push for it being disabled was, when it was first
 introduced, because it was blatantly broken (CVE-2014-8638), and not just
 when I disagree with it from a philosophical point of view.

 *shrug*

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23349#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #23349 [Applications/Tor Browser]: Disable navigator.send_beacon().
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #21952 [Webpages]: .Onion everywhere?: increasing the use of onion services through automatic redirects and aliasing
Next by Author: Re: [tor-bugs] #23270 [Core Tor/Tor]: Please stop tor routers from advertising racist hate websites
Previous by thread: Re: [tor-bugs] #23349 [Applications/Tor Browser]: Disable navigator.send_beacon().
Next by thread: Re: [tor-bugs] #17400 [Applications/Tor Browser]: Decide how to use the multi-lingual Tor Browser in the alpha/release series
Index(es):
- Author
- Thread