[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #20195 [HTTPS Everywhere/EFF-HTTPS Everywhere]: HTTPS Everywhere's SSL Observatory code doesn't honor domain isolation.
#20195: HTTPS Everywhere's SSL Observatory code doesn't honor domain isolation.
-------------------------------------------------+-------------------------
Reporter: yawning | Owner: legind
Type: defect | Status:
| assigned
Priority: High | Milestone:
Component: HTTPS Everywhere/EFF-HTTPS | Version:
Everywhere |
Severity: Major | Resolution:
Keywords: tbb-linkability | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by legind):
The suggestion in
https://trac.torproject.org/projects/tor/ticket/20195#comment:13 has been
implemented in https://github.com/EFForg/https-everywhere/pull/7342:
> This resolves the issue in
https://trac.torproject.org/projects/tor/ticket/20195 where the SSL
Observatory proxy checking code and submissions were bypassing domain
isolation. That code was a relic from the !TorButton days.
>
> Now, check.torproject.org is no longer accessed when we're using Tor
Browser, we assume successful Tor access. In this case, we let TB
transparently proxy for us, instead of accessing the Tor Browser proxy
settings directly.
This can be tested within HTTPS Everywhere by running:
{{{
test/tor-browser.sh PATH_TO_TOR_ARCHIVE
}}}
I'll close this once the fix is merged on our side.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20195#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs