[tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jan 22 16:09:59 UTC 2014
#10419: Can requests to 127.0.0.1 be used to fingerprint the browser?
--------------------------------------+--------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: task | Status: new
Priority: major | Milestone:
Component: Firefox Patch Issues | Version:
Resolution: | Keywords: tbb-fingerprinting
Actual Points: | Parent ID:
Points: |
--------------------------------------+--------------------------------
Comment (by cypherpunks):
(cypherpunks2)
Replying to [comment:9 gk]:
> And including "127.0.0.1" into "content" does not make any sense here as
this would imply that TBB users could never access 127.0.0.1 themselves (I
don't see how you can proxy 127.0.0.1 if your proxy is listening at
127.0.0.1 as well).
So seperate from the fingerprinting issue, It would at least go against
the spirit of that requirement if a website accessed through Tor Browser
can tunnel a clearnet request through a commonly installed server running
on 127.0.0.1, no?
So originally it was less a case of "proxying 127.0.0.1" than "denying
unneccessary connections to 127.0.0.1", but it turns out NoScript ABE is
superior in that it removes less functionality.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10419#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list