[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #21749 [Applications/Tor Browser]: bitcoin.de

Subject: Re: [tor-bugs] #21749 [Applications/Tor Browser]: bitcoin.de
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 20 Mar 2017 14:49:07 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 20 Mar 2017 10:49:19 -0400
In-reply-to: <046.b38b6bb8bb48270529ba6d0d0202e946@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.b38b6bb8bb48270529ba6d0d0202e946@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#21749: bitcoin.de
-------------------------------------------------+-------------------------
 Reporter:  globos                               |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-usability-website, ff52-esr-     |  Actual Points:
  will-have                                      |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):

 * keywords:  tbb-usability-website, ff52-esr => tbb-usability-website, ff52
     -esr-will-have


Comment:

 So, this works in a Firefox 52 based Tor Browser because there you get
 redirected differently. More importantly, you get the usual Cloudflare
 experience (that is a CAPTCHA is greeting you) and after solving that one
 you proceed to the properly working bitcoin page.

 Now, the reason for the different redirect is that the ESR 52 sends:
 `Accept-Encoding: gzip, deflate, br` and the ESR 45 just `Accept-Encoding:
 gzip, deflate`. This seems to me a bug in the Cloudflare setup. They have
 probably just forgotten that there are still folks out there using ESR 45
 and are exposed to the CAPTCHAs.

 We can't fix that easily on our side as not sending the Brotli support was
 explicitely done for ESR 45:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1254411 as backporting a
 security fix was deemed too risky.

 I hope to get hold of some Cloudflare folks this week who might be able to
 check at least whether that is really a Cloudflare bug.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21749#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #21749 [- Select a component]: bitcoin.de
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #21253 [Core Tor/Tor]: Add link handshakes to benchmark program
Next by Author: [tor-bugs] #21787 [Applications/Tor Browser]: Make sure exposing the calendar information does not leak the locale
Previous by thread: Re: [tor-bugs] #21749 [Applications/Tor Browser]: bitcoin.de
Next by thread: Re: [tor-bugs] #16456 [Applications/Tor Browser]: screen size fingerprint with findbar panel/bookmarks toolbar
Index(es):
- Author
- Thread