[tor-bugs] #20195 [HTTPS Everywhere/EFF-HTTPS Everywhere]: HTTPS Everywhere's SSL Observatory code doesn't honor domain isolation.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Oct 14 17:02:11 UTC 2016
#20195: HTTPS Everywhere's SSL Observatory code doesn't honor domain isolation.
-------------------------------------------------+-------------------------
Reporter: yawning | Owner: legind
Type: defect | Status:
| assigned
Priority: High | Milestone:
Component: HTTPS Everywhere/EFF-HTTPS | Version:
Everywhere |
Severity: Major | Resolution:
Keywords: tbb-linkability | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by legind):
The suggestion in
https://trac.torproject.org/projects/tor/ticket/20195#comment:13 has been
implemented in https://github.com/EFForg/https-everywhere/pull/7342:
> This resolves the issue in
https://trac.torproject.org/projects/tor/ticket/20195 where the SSL
Observatory proxy checking code and submissions were bypassing domain
isolation. That code was a relic from the !TorButton days.
>
> Now, check.torproject.org is no longer accessed when we're using Tor
Browser, we assume successful Tor access. In this case, we let TB
transparently proxy for us, instead of accessing the Tor Browser proxy
settings directly.
This can be tested within HTTPS Everywhere by running:
{{{
test/tor-browser.sh PATH_TO_TOR_ARCHIVE
}}}
I'll close this once the fix is merged on our side.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20195#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list