[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #26613 [Applications/Tor Browser]: audit or disable Apple HLS implementation on Android
#26613: audit or disable Apple HLS implementation on Android
-------------------------------------------------+-------------------------
Reporter: mcs | Owner: tbb-
| team
Type: defect | Status:
| needs_information
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-mobile, ff60-esr, | Actual Points:
TorBrowserTeam201807 |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by igt0):
When looking the code I looked for:
* proxy bypasses: the browser implementation uses just the http
implementation and it has a proxy bypass, this one is fixed, we just need
to backport to FF60.
* disk avoidance: I wanted to make sure if the player stores any data in
the disk and it does, however, it stores the data in the app internal
cache using the android context.getCacheDir method. The internal cache can
not be accessed by other apps and it has a short life span.
* fingerprinting: I looked for locale and screen size leaks, and the HLS
implementation doesn't leak them. All the text and video selections happen
in the app side. The browser doesn't send any data to the server.
So I would say **yes** we can enable it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26613#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs