[tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jan 23 18:53:45 UTC 2014
#10419: Can requests to 127.0.0.1 be used to fingerprint the browser?
-------------------------------------+-------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: task | Status: needs_review
Priority: major | Milestone:
Component: Firefox Patch | Version:
Issues | Keywords: tbb-fingerprinting,
Resolution: | tbb-pref, MikePerry201401R
Actual Points: | Parent ID:
Points: |
-------------------------------------+-------------------------------------
Comment (by oc):
Replying to [comment:18 cypherpunks]:
>
> That's a strange mix? Only the ruleset from comment 16 is the good one.
Is it? Sorry, I thought you recommended comments 15 ''and'' 16 rules
concatenated…
Note that my question was also: shouldn't 127.0.0.1 be allowed to access
LOCAL? In other words, what is wrong with localhost CUPS fetching LAN
resources?
[[br]]
> blocking LAN should be redundant. (If it is not redundant because
somehow Windows TB is able to connect to LAN IPs, that sounds like a
material for a separate bug ticket.)
If you get rid of LOCAL rules (comment 15), a webserver on LAN could XHR
to its WAN address and learn what your Tor exit node is, for example,
couldn't it?
[[br]]
> > * 127.0.0.1 works but localhost does not.
>
> As expected, unless localhost is added to
extensions.torbutton.no_proxies_on. In which case we'd also have to deal
with localhost resolving to its IPv6 address? Not worth it IMHO.
TBB does not allow IPv6, or did I miss something?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10419#comment:20>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list