Re: [tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
#10419: Can requests to 127.0.0.1 be used to fingerprint the browser?
-------------------------------------+-------------------------------------
     Reporter: mikeperry             |      Owner: mikeperry
         Type: task                  |     Status: needs_review
     Priority: major                 |  Milestone:
    Component: Firefox Patch Issues  |    Version:
   Resolution:                       |   Keywords: tbb-fingerprinting, tbb-pref, MikePerry201401R
Actual Points:                       |  Parent ID:
       Points:                       |
-------------------------------------+-------------------------------------
Comment (by cypherpunks):
(cypherpunks2)
Replying to [comment:14 gk]:
> Replying to [comment:13 mikeperry]:
> > I think that oc is right about not needing to browse localhost from TBB.
>
> What about configuring CUPS from the browser? At least I am used to it.
Now that ''you'' have said it out loud, I can confess to that, too. ;)
One twist is that a web server running on 127.0.0.1 can serve pages that
include remote resources. Those would be proxied through tor, which on the
one hand might be quite useful, but on the other hand might include
identifying information. (I'm thinking something like
http://stats.mediaserver-vendor.example.com/?hostname=whoops.) It's essentially the
same problem as blindly torifying some off-the-shelf program.
To err on the side of safety, we could use ABE to also block remote
requests from 127.0.0.1. Its language seems to have neither negation nor a
GLOBAL keyword in opposition to LOCAL, but the rules are supposed to be
processed in order. Therefore, this could work:
{{{
# shipped upstream
Site LOCAL
Accept from LOCAL
Deny
# to be added
Site ALL
Deny from LOCAL
Accept
}}}
But it's untested.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10419#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
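
The rule ordering proposed in the comment above, modelled as an added example (not part of the original message and not NoScript's own code): a simplified first-match evaluator in Python. It assumes that `Site ALL` matches any destination as the commenter intends, that LOCAL covers localhost, loopback and private address literals, and that a request no rule covers is allowed; every URL except the tracking URL quoted in the comment is constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# The two rulesets from the comment, as (site, [(action, from_filter), ...]).
# A from_filter of None is a bare action with no "from" clause.
RULESETS = [
    ("LOCAL", [("Accept", "LOCAL"), ("Deny", None)]),  # shipped upstream
    ("ALL", [("Deny", "LOCAL"), ("Accept", None)]),    # to be added
]

# Sample endpoints: the tracking URL is the one in the comment, the others
# are constructed (631 is the CUPS web interface port).
CUPS = "http://127.0.0.1:631/admin"
TRACKER = "http://stats.mediaserver-vendor.example.com/?hostname=whoops"
WEBSITE = "https://www.example.org/"


def is_local(url):
    """Assumption: LOCAL means localhost, loopback or private address literals."""
    host = urlsplit(url).hostname or ""
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a DNS name; this model does not resolve it
    return ip.is_loopback or ip.is_private


def matches(keyword, url):
    # Assumption: "ALL" matches every URL, as the commenter intends.
    return keyword == "ALL" or (keyword == "LOCAL" and is_local(url))


def decide(origin, destination, rulesets=RULESETS):
    """Return the action of the first predicate that applies, in rule order."""
    for site, predicates in rulesets:
        if not matches(site, destination):
            continue  # ruleset is about other destinations
        for action, from_filter in predicates:
            if from_filter is None or matches(from_filter, origin):
                return action
    return "Accept"  # assumption: a request no rule covers is allowed


if __name__ == "__main__":
    for origin, dest in [(CUPS, CUPS), (WEBSITE, CUPS), (CUPS, TRACKER), (WEBSITE, TRACKER)]:
        print(f"{decide(origin, dest):6} {origin} -> {dest}")
    print("upstream only:", decide(CUPS, TRACKER, RULESETS[:1]))
```

With only the upstream ruleset, the local page's request to the tracking URL falls through and is allowed; with the added ruleset it is denied while ordinary remote-to-remote browsing is still accepted.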