[tor-bugs] #3600 [TorBrowserButton]: Prevent redirects from transmitting+storing cookies+identifiers
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Jul 30 18:56:14 UTC 2012
#3600: Prevent redirects from transmitting+storing cookies+identifiers
------------------------------+---------------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: new
Priority: major | Milestone: TorBrowserBundle 2.3.x-stable
Component: TorBrowserButton | Version:
Keywords: tbb-linkability | Parent:
Points: | Actualpoints:
------------------------------+---------------------------------------------
Comment(by mikeperry):
Another datapoint: Google adwords will in some cases transparently
redirect you through www.google.com as a first party with a huge bunch of
mystery data encoded in the GET url path. It's not a regular behavior for
all ads, but my guess would be that it is done through a window.location-
style JS redirect during ad click, since my browser status bar did not
display a www.google.com destination url prior to click.
I'm not sure if this example helps settle the "prompt or defang?" dilemma
for these types of redirects.. That probably depends on common federated
login mechanisms and viable alternatives, which in and of itself probably
means "deploy the prompt first, and see what gets interrupted by it".
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3600#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list