[tbb-bugs] #30392 [Applications/Tor Browser]: CSS features allow real-time tracking
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon May 6 12:42:00 UTC 2019
#30392: CSS features allow real-time tracking
--------------------------------------+-----------------------------------
Reporter: davywtf | Owner: tbb-team
Type: defect | Status: needs_information
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+-----------------------------------
Changes (by gk):
* keywords: css =>
* status: new => needs_information
* version: Tor: unspecified =>
Comment:
So, what exactly is the threat here? We don't spoof referers unless you
come from a .onion domain and go to a non .onion one. And I am not sure I
understand the fingerprinting concern. You mean the website you are
interacting with is recognizing you once you come back? If so, how so if
_only_ CSS is available (moreover, tracking by first-party domain is
currently out of scope; if that's done by identifiers like cookies then
New Identity is your friend given that not only cookies but numerous state
has to get cleared to separate those visits).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30392#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list