[tor-bugs] #13747 [Applications/Tor Browser]: Block non .onion content on .onion addresses
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jul 9 05:38:34 UTC 2017
#13747: Block non .onion content on .onion addresses
--------------------------------------+--------------------------
Reporter: legind | Owner: tbb-team
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by cypherpunks):
There was a paper relatively recently which showed that a very large chunk
of hidden services (~20%) were referencing external resources on non-onion
domains (like Google Analytics and jquery). I believe
https://mascherari.press/onionscan-report-august-2016-revisiting-caronte-
analytics-bitcoins-and-correlations/ describes it. Although a solution to
this ticket won't mitigate the HS deanonymization issues, the onionscan
results show conclusively that there are a significant number of hidden
services which do, often accidentally, expose non-onion resources.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13747#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list