[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #20317 [Applications/Tor Browser]: Key permissions by first-party domain instead of origin (proposal)

Subject: [tor-bugs] #20317 [Applications/Tor Browser]: Key permissions by first-party domain instead of origin (proposal)
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 07 Oct 2016 18:29:39 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 07 Oct 2016 14:29:51 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#20317: Key permissions by first-party domain instead of origin (proposal)
------------------------------------------+-----------------------------
     Reporter:  arthuredelstein           |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  tbb-linkability
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+-----------------------------
 In Firefox (and current Tor Browser), permissions are keyed by origin.
 That is a tracking vector -- for example, on Google maps, if click on the
 "Show your Location" button,



 The browser asks "www.google.com: Would you like to Share your Location
 with this site?" If we choose "Always Share Location", then this
 permission is stored, keyed to www.google.com.

 Now on other sites, any third-party object from www.google.com" (such as a
 Google Analytics script or a Google+ button) can know our location. Worse,
 it can expose a function call that any other script on the same page could
 call to obtain our location. So in practice, we have given permission for
 numerous domains to obtain our location. And the very existence of the
 permission setting, or any other, helps to distinguish us, and keying by
 origin doesn't help very much at all.

 So I would like to propose that we key every permission by first-party
 domain instead of origin domain. That means that the Permissions UI
 doesn't need to change much at all. We are still assigning each permission
 to a single domain. But this way, granting a permission to google.com
 would not leak to every other site.

 And I would argue that this is already the perception of most users when
 they see a permission requested. Most users are not knowledgeable about
 the subtleties of third-party scripts -- they expect a permission to apply
 to the site they are visiting in the URL bar.

 I would suggest we should write this patch for ESR52, which means using
 Origin Attributes and the pref "privacy.firstparty.isolate". Then we can
 hopefully uplift to Mozilla.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20317>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #20317 [Applications/Tor Browser]: Key permissions by first-party domain instead of origin (proposal)
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #20317 [Applications/Tor Browser]: Key permissions by first-party domain instead of origin (proposal)
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #20317 [Applications/Tor Browser]: Key permissions by first-party domain instead of origin (proposal)
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #20317 [Applications/Tor Browser]: Key permissions by first-party domain instead of origin (proposal)
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #20427 [Applications/Tor Browser]: Could not connect to TOR Control Port
Next by Author: Re: [tor-bugs] #20264 [Applications/Tor Browser]: Reduce number of security slider states from 4 to 3 (proposed)
Previous by thread: Re: [tor-bugs] #18788 [Core Tor/Tor]: Make the copyright license clear for torspec and proposals
Next by thread: Re: [tor-bugs] #20317 [Applications/Tor Browser]: Key permissions by first-party domain instead of origin (proposal)
Index(es):
- Author
- Thread