[tor-bugs] #26613 [Applications/Tor Browser]: audit or disable Apple HLS implementation on Android
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jul 5 12:30:49 UTC 2018
#26613: audit or disable Apple HLS implementation on Android
-------------------------------------------------+-------------------------
Reporter: mcs | Owner: tbb-team
Type: defect | Status: needs_information
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-mobile, ff60-esr, TorBrowserTeam201807 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by igt0):
When looking at the code, I looked for:
* proxy bypasses: the browser implementation uses just the HTTP
implementation and it has a proxy bypass; this one is fixed, we just need
to backport it to FF60.
* disk avoidance: I wanted to check whether the player stores any data on
the disk, and it does; however, it stores the data in the app's internal
cache using the Android context.getCacheDir method. The internal cache
cannot be accessed by other apps and it has a short life span.
* fingerprinting: I looked for locale and screen size leaks, and the HLS
implementation doesn't leak them. All the text and video selections happen
on the app side. The browser doesn't send any data to the server.
So I would say **yes** we can enable it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26613#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online