[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
#10419: Can requests to 127.0.0.1 be used to fingerprint the browser?
-------------------------------------+-------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: task | Status: needs_review
Priority: major | Milestone:
Component: Firefox Patch | Version:
Issues | Keywords: tbb-fingerprinting,
Resolution: | tbb-pref, MikePerry201401R
Actual Points: | Parent ID:
Points: |
-------------------------------------+-------------------------------------
Comment (by cypherpunks):
(cypherpunks2)
Replying to [comment:17 oc]:
> Replying to [comment:16 cypherpunks]:
> > {{{
> > # Prevent Internet sites from requesting LAN resources.
> > Site LOCAL
> > Accept from LOCAL
> > Deny
> > (...)
> > # Prevent 127.0.0.1 from requesting Internet resources.
> > Site ALL
> > Deny from 127.0.0.1
> > }}}
That's a strange mix? Only the ruleset from comment 16 is the good one.
> Your ABE rules seem to work ok here.
> Can/should 127.0.0.1 access LOCAL though?
It should not - according to the ABE documentation ALL is a "special token
matching any URI". So 127.0.0.1 originating requests to LAN are to be
blocked by the second rule. I've amended the rule comments, though
blocking LAN should be redundant.
> * 127.0.0.1 works but localhost does not.
As expected, unless localhost is added to
extensions.torbutton.no_proxies_on. In which case we'd also have to deal
with localhost resolving to its IPv6 address? Not worth it IMHO.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10419#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs