[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3600 [TorBrowserButton]: Prevent redirects from transmitting+storing cookies+identifiers

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #3600 [TorBrowserButton]: Prevent redirects from transmitting+storing cookies+identifiers
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Mon, 30 Jul 2012 18:56:14 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 30 Jul 2012 14:55:38 -0400
In-reply-to: <049.47ad3b1289a90313ca28de81a49dd69d@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.47ad3b1289a90313ca28de81a49dd69d@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#3600: Prevent redirects from transmitting+storing cookies+identifiers
------------------------------+---------------------------------------------
 Reporter:  mikeperry         |          Owner:  mikeperry                    
     Type:  defect            |         Status:  new                          
 Priority:  major             |      Milestone:  TorBrowserBundle 2.3.x-stable
Component:  TorBrowserButton  |        Version:                               
 Keywords:  tbb-linkability   |         Parent:                               
   Points:                    |   Actualpoints:                               
------------------------------+---------------------------------------------

Comment(by mikeperry):

 Another datapoint: Google adwords will in some cases transparently
 redirect you through www.google.com as a first party with a huge bunch of
 mystery data encoded in the GET url path. It's not a regular behavior for
 all ads, but my guess would be that it is done through a window.location-
 style JS redirect during ad click, since my browser status bar did not
 display a www.google.com destination url prior to click.

 I'm not sure if this example helps settle the "prompt or defang?" dilemma
 for these types of redirects.. That probably depends on common federated
 login mechanisms and viable alternatives, which in and of itself probably
 means "deploy the prompt first, and see what gets interrupted by it".

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3600#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #6475 [Tor Client]: circuit_send_next_onion_skin(): Bug: Unexpectedly high circuit_successes
Next by Author: Re: [tor-bugs] #6142 [Tor bundles/installation]: Unstable Vidalia bundle doesn't use the alpha
Previous by thread: Re: [tor-bugs] #6490 [Tor Hidden Services]: Warn if traffic accounting is enabled and likely to break anonymity
Next by thread: Re: [tor-bugs] #5400 [Tor bundles/installation]: ASLR broken by non-ASLR DLLs
Index(es):
- Author
- Thread