[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #8557 [Applications/Tor Browser]: Audit and possibly enable safebrowsing
#8557: Audit and possibly enable safebrowsing
-----------------------------------------+--------------------------
Reporter: mikeperry | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Blocker | Resolution:
Keywords: tbb-pref, tbb-firefox-patch | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------------------+--------------------------
Changes (by fmarier):
* severity: => Blocker
Comment:
The Safe Browsing service has changed a lot since this ticket was filed.
I wrote a [https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-
firefox/ detailed blog post] about the Firefox implementation and I keep
this [https://wiki.mozilla.org/Security/Safe_Browsing wiki page] up-to-
date with everything I know about the service and our implementation.
A few quick notes:
- it's all HTTPS now
- there are no more MAC keys
- list fetching is not based on user activity, it's on whenever the
browser is running
- the cookie has a unique origin attribute so it's not mixed with the
other Google cookies (and I believe it will be gone in V4 of the API, Fx
56+)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8557#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs