[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] UX improvement proposal: Onion auto-redirects using Alt-Svc HTTP header
On Tue, Nov 14, 2017 at 02:51:55PM +0200, George Kadianakis wrote:
> Let me know what you think :)
Section 9.4 in the Alt-Svc draft talks about abusing the header for
tracking. In particular, a malicious website could give each Tor user
a unique onion domain to track their activity. That's particularly
problematic if the "persist" flag is used in the Alt-Svc header.
Granted, malicious websites can already do that to an extent by serving
unique onion domains on each page load, but we should still keep this
issue in mind.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev