[tor-bugs] #16856 [Tor Browser]: 'network.http.speculative-parallel-limit' default setting provides tracking-risk
#16856: 'network.http.speculative-parallel-limit' default setting provides
tracking-risk
---------------------------+-----------------------------------------------
Reporter: RickGeex_ | Owner: tbb-team
Type: defect | Status: new
Priority: major | Milestone: TorBrowserBundle 2.3.x-stable
Component: Tor Browser | Version: Tor: unspecified
Keywords: tor, | Actual Points:
tracking, default | Points:
Parent ID: |
---------------------------+-----------------------------------------------
'network.http.speculative-parallel-limit' default setting provides
tracking-risk
(thanks to Yuri Khan for the original scenario - 2015-08-14 22:33:56 PDT)
Potential tracking scenario:
* '''Attacker''' sends an e-mail to the '''Victim''' with a text around a
URL
* '''Victim''' leaves the cursor in the area of the text
* Tor Browser '''speculatively''' connects to the destination '''URL'''
in the email
* the Attacker logs these '''attempts''' and '''assigns''' the exit-node
''IP-address'' to the '''Victim's''' ''email address''
The result is that the exit-node's ''IP-address'' can be '''linked''' with
the '''e-mail address''' of the targeted '''victim''', which (in case of
'''seizing''' an ''exit-node'') can result in '''de-anonymizing''' the
unaware '''user''' behind it.
This is exploitable in the Tor browser because the '''default''' value of
the pre-connections API ('network.http.speculative-parallel-limit') is
'''6'''.
A fix to mitigate this problem is to set
'network.http.speculative-parallel-limit' to '''0''' by '''default'''.
'''References'''
* '''https://bugzilla.mozilla.org/show_bug.cgi?id=814169'''
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16856>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
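
Added example (not part of the ticket and not Tor Browser code): a small audit that reads a browser profile's preference files and reports whether 'network.http.speculative-parallel-limit' is effectively 0, the mitigation the ticket proposes. The function names and sample file contents are constructed for illustration; it assumes the default of 6 stated in the ticket and that user.js overrides prefs.js.

```python
import re

PREF = "network.http.speculative-parallel-limit"
TICKET_DEFAULT = 6  # default value stated in the ticket (assumed when the pref is unset)

# Matches lines such as: user_pref("name", 123);  (also pref(...) in default pref files)
_PREF_RE = re.compile(r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(-?\d+)\s*\)\s*;')


def read_int_pref(text, name=PREF):
    """Return the last integer assigned to `name` in a prefs file, or None if unset."""
    value = None
    for line in text.splitlines():
        m = _PREF_RE.match(line)  # commented-out lines ("// ...") do not match
        if m and m.group(1) == name:
            value = int(m.group(2))
    return value


def effective_limit(prefs_js="", user_js=""):
    """user.js is applied on top of prefs.js at startup, so it wins when both set the pref."""
    for text in (user_js, prefs_js):
        value = read_int_pref(text)
        if value is not None:
            return value
    return TICKET_DEFAULT


def audit(prefs_js="", user_js=""):
    """Report the effective value and whether the ticket's mitigation (0) is in place."""
    limit = effective_limit(prefs_js, user_js)
    return {"pref": PREF, "value": limit, "mitigated": limit == 0}


# Constructed sample inputs: the pref is only present as a comment in prefs.js.
SAMPLE_PREFS_JS = '''\
// Mozilla User Preferences
user_pref("browser.startup.page", 0);
// user_pref("network.http.speculative-parallel-limit", 0);
'''
SAMPLE_USER_JS = 'user_pref("network.http.speculative-parallel-limit", 0);\n'

if __name__ == "__main__":
    print(audit(SAMPLE_PREFS_JS))                  # falls back to the default
    print(audit(SAMPLE_PREFS_JS, SAMPLE_USER_JS))  # user.js applies the mitigation
```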