[tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jan 22 09:18:06 UTC 2014
#10419: Can requests to 127.0.0.1 be used to fingerprint the browser?
--------------------------------------+--------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: task | Status: new
Priority: major | Milestone:
Component: Firefox Patch Issues | Version:
Resolution: | Keywords: tbb-fingerprinting
Actual Points: | Parent ID:
Points: |
--------------------------------------+--------------------------------
Comment (by gk):
Replying to [comment:5 oc]:
> If I understand correctly, this ticket is about evaluating localhost
fingerprinting risks, which is all good. #10686 was about considering
''any'' clear-text request to localhost a breach to TBB's proxy obedience
requirement
Where is the breach, exactly? The design document says:
{{{
The browser MUST NOT bypass Tor proxy settings for any content.
}}}
And including "127.0.0.1" into "content" does not make any sense here as
this would imply that TBB users could never access 127.0.0.1 themselves (I
don't see how you can proxy 127.0.0.1 if your proxy is listening at
127.0.0.1 as well).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10419#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list