[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #17641 [Tor Browser]: Use NoScript ABE feature to disallow hidden services access to clearnet
#17641: Use NoScript ABE feature to disallow hidden services access to clearnet
-------------------------+-------------------------------------------------
Reporter: | Owner: tbb-team
cypherpunks | Status: new
Type: defect | Milestone:
Priority: Medium | Version:
Component: Tor | Keywords: onion, tracking, security,
Browser | NoScript, CSRF
Severity: Normal | Parent ID:
Actual Points: | Sponsor:
Points: |
-------------------------+-------------------------------------------------
Some hidden services have some tracking (or non-tracking) scripts from
clearnet included, which allows a clearnet party to track HS users. I
suggest to use NoScript Application Boundaries Enforcer
(https://noscript.net/abe/) to disallow hidden services access to clearnet
resources (especially included scripts).
It could look like
Site *.onion
Accept from SELF++
#Anonymize from *.onion
Deny
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17641>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs