[tbb-bugs] #28719 [Applications/Tor Browser]: Clicking on embedded links seems to cause FPI mismatch

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Dec 11 08:06:50 UTC 2018


#28719: Clicking on embedded links seems to cause FPI mismatch
---------------------------------------------+--------------------------
 Reporter:  gk                               |          Owner:  tbb-team
     Type:  defect                           |         Status:  new
 Priority:  Medium                           |      Milestone:
Component:  Applications/Tor Browser         |        Version:
 Severity:  Normal                           |     Resolution:
 Keywords:  tbb-linkability, tbb-8.0-issues  |  Actual Points:
Parent ID:                                   |         Points:
 Reviewer:                                   |        Sponsor:
---------------------------------------------+--------------------------
Description changed by gk:

Old description:

> Starting with Tor Browser 8 if one clicks on a link to, say, an image on
> a different domain, one sees first Torbutton log output about a request
> to the old domain in the URL bar and then to the new one. For instance if
> one clicks on the image link on
>
> https://people.torproject.org/~gk/tests/image_pdf_fpi.html
>
> the result is something like
> {{{
> [12-04 09:21:38] Torbutton INFO: tor SOCKS:
> https://www.w3schools.com/html/img_logo.gif via
>                        torproject.org:b1e105e74a9fc3a64a2ce2ac582c0640
> [12-04 09:21:38] Torbutton INFO: tor SOCKS:
> https://www.w3schools.com/html/img_logo.gif via
>                        w3schools.com:81afd299054bcc8fc31c931087161bfe
> GET https://www.w3schools.com/html/img_logo.gif
> [HTTP/2.0 200 OK 1787ms]
> }}}
> Note, there is only one get request actually issues which could be a hint
> for a similar logging-only issue like #18762 and #16324.
>
> This got noted on our blog:
> https://blog.torproject.org/comment/278684#comment-278684 (and similar
> comments on the 8.5a5 blog post).

New description:

 Starting with Tor Browser 8 if one clicks on a link to, say, an image on a
 different domain, one sees first Torbutton log output about a request to
 the old domain in the URL bar and then to the new one. For instance if one
 clicks on the image link on

 https://people.torproject.org/~gk/tests/image_pdf_fpi.html

 the result is something like
 {{{
 [12-04 09:21:38] Torbutton INFO: tor SOCKS:
 https://www.w3schools.com/html/img_logo.gif via
                        torproject.org:b1e105e74a9fc3a64a2ce2ac582c0640
 [12-04 09:21:38] Torbutton INFO: tor SOCKS:
 https://www.w3schools.com/html/img_logo.gif via
                        w3schools.com:81afd299054bcc8fc31c931087161bfe
 GET https://www.w3schools.com/html/img_logo.gif
 [HTTP/2.0 200 OK 1787ms]
 }}}
 Note, there is only one GET request actually issued which could be a hint
 for a similar logging-only issue like #18762 and #16324.

 This got noted on our blog:
 https://blog.torproject.org/comment/278684#comment-278684 (and similar
 comments on the 8.5a5 blog post).

--

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28719#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list