[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #32701 [Applications/Tor Browser]: Keep an eye on fingerprinting risks due to the Reporting API

To: undisclosed-recipients: ;
Subject: [tor-bugs] #32701 [Applications/Tor Browser]: Keep an eye on fingerprinting risks due to the Reporting API
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 09 Dec 2019 11:50:56 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 09 Dec 2019 06:51:07 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#32701: Keep an eye on fingerprinting risks due to the Reporting API
-------------------------------------+-------------------------------------
     Reporter:  gk                   |      Owner:  tbb-team
         Type:  task                 |     Status:  new
     Priority:  Medium               |  Milestone:
    Component:  Applications/Tor     |    Version:
  Browser                            |   Keywords:  tbb-fingerprinting,
     Severity:  Normal               |  ff78-esr
Actual Points:                       |  Parent ID:
       Points:                       |   Reviewer:
      Sponsor:                       |
-------------------------------------+-------------------------------------
 [https://bugzilla.mozilla.org/show_bug.cgi?id=1492036 Support for the
 Reporting API] landed on nightly in the Firefox 65 cycle. There is already
 at least [https://bugzilla.mozilla.org/show_bug.cgi?id=1507280 one needed
 fingerprinting fixup] known which we need to take care of when this gets
 enabled, but there are likely more. A good start for closer investigation
 is the [https://w3c.github.io/reporting/#privacy Privacy Considerations
 section] in the spec itself.

 We should keep this feature disabled until the risks are evaluated. This
 can be done by making sure `dom.reporting.enabled` and
 `dom.reporting.header.enabled` are `false`

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32701>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #28863 [Core Tor/Fallback Scripts]: updateFallbackDirs.py thinks it is python 3 compatible but it is not
Next by Author: Re: [tor-bugs] #32797 [Applications/Tor Browser]: Torbrowser and tordaemon cant connect to the internet
Previous by thread: Re: [tor-bugs] #24351 [Applications/Tor Browser]: Block Global Active Adversary Cloudflare
Next by thread: [tor-bugs] #32702 [Applications/Tor Browser]: Set security.tls.enable_0rtt_data false
Index(es):
- Author
- Thread