[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #6217 [Firefox Patch Issues]: Fingerprintable information in browser update behavior

To: undisclosed-recipients:;
Subject: [tor-bugs] #6217 [Firefox Patch Issues]: Fingerprintable information in browser update behavior
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Fri, 22 Jun 2012 10:07:49 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 22 Jun 2012 06:08:02 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#6217: Fingerprintable information in browser update behavior
----------------------------------+-----------------------------------------
 Reporter:  cypherpunks           |          Owner:  mikeperry
     Type:  defect                |         Status:  new      
 Priority:  minor                 |      Milestone:           
Component:  Firefox Patch Issues  |        Version:           
 Keywords:                        |         Parent:           
   Points:                        |   Actualpoints:           
----------------------------------+-----------------------------------------
 This was reported to Mozilla but I thought it would probably not get
 considered properly unless reported here:

 https://bugzilla.mozilla.org/show_bug.cgi?id=755284

 >Fingerprintable information in update behavior

 >If update checks are enabled, Firefox seems to perform them at exactly
 the interval specified in the app.update.interval preference. (Tested with
 a 120-second interval and leaving the browser running.) This leads to a
 minor potential way of fingerprinting users on anonymizing networks like
 Tor because output relays can observe an update check occurring at a
 precise second corresponding to a particular user.

 >I realize this is a minor issue and difficult to exploit, but the
 solution is also appropriately minor. I assume it will be enough to simply
 randomize the scheduled time of next update (or the time stored in the
 lastUpdateTime settings, whichever) by up to 5% of the update interval.
 This fix will still preserve the user-set meaning of the
 app.update.interval setting, on average.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6217>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #6217 [Firefox Patch Issues]: Fingerprintable information in browser update behavior
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #6217 [Firefox Patch Issues]: Fingerprintable information in browser update behavior
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #6216 [Vidalia]: Vidalia performance problem in Network Map window
Next by Author: Re: [tor-bugs] #6217 [Firefox Patch Issues]: Fingerprintable information in browser update behavior
Previous by thread: Re: [tor-bugs] #6216 [Vidalia]: Vidalia performance problem in Network Map window
Next by thread: Re: [tor-bugs] #6217 [Firefox Patch Issues]: Fingerprintable information in browser update behavior
Index(es):
- Author
- Thread