[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #15580 [Tor Browser]: Update design doc for TBB 4.5

Subject: Re: [tor-bugs] #15580 [Tor Browser]: Update design doc for TBB 4.5
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 30 Apr 2015 19:20:43 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 30 Apr 2015 15:20:53 -0400
In-reply-to: <049.b2bfec2b31231dd327d65e5f511716bd@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.b2bfec2b31231dd327d65e5f511716bd@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#15580: Update design doc for TBB 4.5
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  mikeperry
  mikeperry              |     Status:  new
         Type:  task     |  Milestone:
     Priority:  normal   |    Version:
    Component:  Tor      |   Keywords:  TorBrowserTeam201504, tbb-4.5-alpha
  Browser                |  Parent ID:
   Resolution:           |
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by gk):

 I have feedback up to the fingerprinting part. The two bigger things in
 the attached patch are that tracking with HTTP works perfectly fine
 without having JavaScript enabled and that we did not fully isolate
 `URL.createObjectURL` to the URL bar domain but rather just disable it in
 worker contexts for now.
 One thing that confused me and is not reflected in the patch is the "IP
 address, Tor Circuit, and HTTP Keep-Alive linkability" part. I did not
 really get what the IP address isolation adds/means in this context. And
 mixing somehow IP address unlinkability and Tor circuit unlinkability in
 {{{
 The Tor client has
 logic to prevent connections with different SOCKS usernames and passwords
 from
 using the same Tor circuit, which provides us with IP address
 unlinkability.
 }}}
 makes it a bit confusing. I think we should just omit the IP address
 references and talk about Tor circuit unlinkability in these cases. This
 makes the point in a straightforward way without distinguishing between
 both.

 I like the fingerprinting introduction really well. It occurred to me that
 we can make our position even clearer but then I got distracted by the
 HTTP submission. I'll provide a second patch for that and review the rest
 of it as soon as I can. Might not be tomorrow or over the weekend but I am
 optimistic that we can send the mail to Nick on Monday.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15580#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #15580 [Tor Browser]: Update design doc for TBB 4.5
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #15822 [Tor]: HS client connections with authorization are broken
Next by Author: Re: [tor-bugs] #15866 [BridgeDB]: BridgeDB has less bridges because the BridgeAuthority appears to be giving it incorrect networkstatuses
Previous by thread: Re: [tor-bugs] #15580 [Tor Browser]: Update design doc for TBB 4.5
Next by thread: Re: [tor-bugs] #15580 [Tor Browser]: Update design doc for TBB 4.5
Index(es):
- Author
- Thread