[tbb-bugs] #28719 [Applications/Tor Browser]: Clicking on embedded links seems to cause FPI mismatch
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Dec 11 08:06:50 UTC 2018
#28719: Clicking on embedded links seems to cause FPI mismatch
---------------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-linkability, tbb-8.0-issues | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
---------------------------------------------+--------------------------
Description changed by gk:
Old description:
> Starting with Tor Browser 8 if one clicks on a link to, say, an image on
> a different domain, one sees first Torbutton log output about a request
> to the old domain in the URL bar and then to the new one. For instance if
> one clicks on the image link on
>
> https://people.torproject.org/~gk/tests/image_pdf_fpi.html
>
> the result is something like
> {{{
> [12-04 09:21:38] Torbutton INFO: tor SOCKS:
> https://www.w3schools.com/html/img_logo.gif via
> torproject.org:b1e105e74a9fc3a64a2ce2ac582c0640
> [12-04 09:21:38] Torbutton INFO: tor SOCKS:
> https://www.w3schools.com/html/img_logo.gif via
> w3schools.com:81afd299054bcc8fc31c931087161bfe
> GET https://www.w3schools.com/html/img_logo.gif
> [HTTP/2.0 200 OK 1787ms]
> }}}
> Note, there is only one get request actually issues which could be a hint
> for a similar logging-only issue like #18762 and #16324.
>
> This got noted on our blog:
> https://blog.torproject.org/comment/278684#comment-278684 (and similar
> comments on the 8.5a5 blog post).
New description:
Starting with Tor Browser 8 if one clicks on a link to, say, an image on a
different domain, one sees first Torbutton log output about a request to
the old domain in the URL bar and then to the new one. For instance if one
clicks on the image link on

https://people.torproject.org/~gk/tests/image_pdf_fpi.html

the result is something like
{{{
[12-04 09:21:38] Torbutton INFO: tor SOCKS:
https://www.w3schools.com/html/img_logo.gif via
torproject.org:b1e105e74a9fc3a64a2ce2ac582c0640
[12-04 09:21:38] Torbutton INFO: tor SOCKS:
https://www.w3schools.com/html/img_logo.gif via
w3schools.com:81afd299054bcc8fc31c931087161bfe
GET https://www.w3schools.com/html/img_logo.gif
[HTTP/2.0 200 OK 1787ms]
}}}
Note, there is only one GET request actually issued which could be a hint
for a similar logging-only issue like #18762 and #16324.

This got noted on our blog:
https://blog.torproject.org/comment/278684#comment-278684 (and similar
comments on the 8.5a5 blog post).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28719#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
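
A way to check a captured Torbutton log for the pattern this ticket describes, added here as an example (it is not code from the ticket, Torbutton or Tor Browser): it flags any URL logged under more than one first-party domain and counts the GET lines for it. It assumes the `via` field is the first-party domain, a colon, then a hex token, as in the excerpt above; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Log excerpt from the ticket, wrapped across lines as in the e-mail.
SAMPLE_LOG = """\
[12-04 09:21:38] Torbutton INFO: tor SOCKS:
https://www.w3schools.com/html/img_logo.gif via
torproject.org:b1e105e74a9fc3a64a2ce2ac582c0640
[12-04 09:21:38] Torbutton INFO: tor SOCKS:
https://www.w3schools.com/html/img_logo.gif via
w3schools.com:81afd299054bcc8fc31c931087161bfe
GET https://www.w3schools.com/html/img_logo.gif
[HTTP/2.0 200 OK 1787ms]
"""

# Assumed entry layout: "[ts] Torbutton INFO: tor SOCKS: <url> via <domain>:<hex>"
ENTRY = re.compile(
    r"\[(?P<ts>[^\]]+)\]\s+Torbutton INFO: tor SOCKS:\s+"
    r"(?P<url>\S+)\s+via\s+(?P<fpd>[^\s:]+):(?P<token>[0-9a-f]+)"
)

def parse_socks_entries(log_text):
    """Return (timestamp, url, first_party_domain, token) tuples."""
    # \s+ also matches newlines, so entries wrapped by a mail client still parse.
    return [(m["ts"], m["url"], m["fpd"], m["token"])
            for m in ENTRY.finditer(log_text)]

def find_fpi_mismatches(log_text):
    """Map each URL logged under more than one first-party domain
    to those domains, in the order they appear in the log."""
    seen = defaultdict(list)
    for _ts, url, fpd, _token in parse_socks_entries(log_text):
        if fpd not in seen[url]:
            seen[url].append(fpd)
    return {url: fpds for url, fpds in seen.items() if len(fpds) > 1}

def count_get_requests(log_text, url):
    """Count console 'GET <url>' lines, to compare with the SOCKS entries."""
    pattern = r"^GET\s+" + re.escape(url) + r"\s*$"
    return len(re.findall(pattern, log_text, re.M))

if __name__ == "__main__":
    for url, fpds in find_fpi_mismatches(SAMPLE_LOG).items():
        gets = count_get_requests(SAMPLE_LOG, url)
        print(f"{url}: logged under {fpds}, GET lines seen: {gets}")
```

Two isolation domains with a single GET line matches the logging-only hypothesis in the description; two GET lines would point to a second real request.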