[tor-bugs] #3600 [Tor Browser]: Prevent redirects from transmitting+storing cookies+identifiers
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Apr 4 00:21:55 UTC 2016
#3600: Prevent redirects from transmitting+storing cookies+identifiers
-------------------------------------+-------------------------------------
Reporter: mikeperry | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone: TorBrowserBundle
Component: Tor Browser | 2.3.x-stable
Severity: Major | Version:
Keywords: tbb-linkability, tbb- | Resolution:
testcase, tbb-torbutton | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------+-------------------------------------
Comment (by cypherpunks):
Replying to [comment:28 mikeperry]:
> If the user clicks "Proceed with tracking", then cookies, cache, etc
would be preserved. If the user clicks "Proceed without tracking", then we
clear all state and identifiers stored for destination.com before loading
the redirect request. (We would strip any subdomains from both domain.com
and destination.com in the message dialog, both because this would be less
confusing and also because our isolation applies to top-level domains).
Would the state also be cleared after the redirect happened? Or would it
stay in place but keyed on the originator of the redirection?
Replying to [comment:29 arma]:
> People are already driven nuts by the canvas thing.
Oh come on arma! "People" are also not at all bothered by the canvas
thing, and "people" would very much like to have more control about
attempts to track and correlate them. Yes privacy/security and convenience
are opposite ends of the scale, what's new? "People" can already use any
number of other browsers if they want convenience.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3600#comment:30>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list