[tor-bugs] #8557 [Firefox Patch Issues]: Audit and possibly enable safebrowsing
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Mar 21 21:51:36 UTC 2013
#8557: Audit and possibly enable safebrowsing
----------------------------------+-----------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: defect | Status: new
Priority: major | Milestone:
Component: Firefox Patch Issues | Version:
Keywords: tbb-pref | Parent:
Points: | Actualpoints:
----------------------------------+-----------------------------------------
Description changed by mikeperry:
Old description:
> TBB currently disables safebrowsing. I would like to answer the following
> questions before we enable it:
>
> 1. Does Firefox stop fetching safebrowsing data if the browser is
> inactive? The spec says the list is updated every 30 minutes, but doesn't
> say anything about user activity.
> 2. The data itself is authenticated, but it is also served over HTTP, and
> the protocol supports requesting specific lists and segments. This
> introduces the ability of exits to repeatedly block list segments in an
> attempt to create a supercookie in the client that appears like it can
> persist for up to 6 hours (based on the retry behavior in
> https://wiki.mozilla.org/Phishing_Protection:_Design_Documentation#Client_Backoff).
> Is there a way for exits/websites to read this supercookie at will?
> 3. Related: Should we clear the safebrowsing list data on New Identity
> (or does this just cause a lot of pointless network overhead)?
> 4. It looks like we definitely would need to clear the MAC key on New
> Identity. How do we do that? Does doing so invalidate our previous list
> data?
New description:
TBB currently disables safebrowsing. I would like to answer the following
questions before we enable it:
1. Does Firefox stop fetching safebrowsing data if the browser is
inactive? The spec says the list is updated every 30 minutes, but doesn't
say anything about user activity.
2. The data itself is authenticated, but it is also served over HTTP, and
the protocol supports requesting specific lists and segments. This
introduces the ability of exits to repeatedly block list segments in an
attempt to create a supercookie in the client that appears like it can
persist for up to 6 hours (based on the retry behavior in
https://wiki.mozilla.org/Phishing_Protection:_Design_Documentation#Client_Backoff).
Is there a way for exits/websites to read this supercookie at will?
3. Related: Should we clear the safebrowsing list data on New Identity (or
does this just cause a lot of pointless network overhead)?
4. Clearing the list data might also cause an immediate re-download of all
lists and segments. Does it? Do we care about leaking this to the exit
(who can then infer that we just clicked New Identity)?
5. It looks like we definitely would need to clear the MAC key on New
Identity. How do we do that? Does doing so invalidate our previous list
data?
--
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8557#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list