[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #15563 [Applications/Tor Browser]: ServiceWorkers violate first party isolation, probably

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #15563 [Applications/Tor Browser]: ServiceWorkers violate first party isolation, probably
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 19 Sep 2019 19:33:03 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 19 Sep 2019 15:33:16 -0400
In-reply-to: <055.f6d49d96c2c390347f7c4bc4050d5e9f@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <055.f6d49d96c2c390347f7c4bc4050d5e9f@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#15563: ServiceWorkers violate first party isolation, probably
-------------------------------------------------+-------------------------
 Reporter:  arthuredelstein                      |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_information
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-linkability, ff68-esr, tbb-9.0   |  Actual Points:
  -must-alpha                                    |
Parent ID:                                       |         Points:  1
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor44-can
-------------------------------------------------+-------------------------

Comment (by sysrqb):

 Replying to [comment:18 acat]:
 > AFAIK, service workers APIs should not be usable in private browsing
 mode, `navigator.serviceWorker` is not present in that case. So in mobile
 they have flipped the serviceworker pref but as long as we only have
 private windows it should not be usable. Should we still investigate this
 for `browser.privatebrowsing.autostart = false`?

 We should disable `dom.serviceWorkers.enabled` on mobile. We don't support
 `browser.privatebrowsing.autostart = false`, but we know some people use
 Tor Browser like that, regardless of the consequences. In the longer term,
 we should make sure ServiceWorkers do not violate FPI when used in non-
 private browsing mode, but I don't think verifying this now is worth the
 effort.

 I'll open a ticket for disabling it on Android (for the people who use
 non-private browsing mode).

 I support closing this ticket as done, and opening another ticket
 specifically for non-private browsing mode, so we don't forget about this
 in the future.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15563#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #31599 [Metrics/CollecTor]: Create utility class for downloading from HTTP servers
Next by Author: [tor-bugs] #31827 [Applications/Tor Browser]: Tor unexpectedly exited.
Previous by thread: Re: [tor-bugs] #15563 [Applications/Tor Browser]: ServiceWorkers violate first party isolation, probably
Next by thread: Re: [tor-bugs] #15563 [Applications/Tor Browser]: ServiceWorkers violate first party isolation, probably
Index(es):
- Author
- Thread