[tor-bugs] #31066 [Applications/Tor Browser]: Consider protection against requests going through catch-all circuit
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jul 2 18:21:39 UTC 2019
#31066: Consider protection against requests going through catch-all circuit
------------------------------------------+----------------------
Reporter: acat | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords: ff68-esr
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
While taking a look at upstreaming #26353 to Firefox I was thinking
whether it would make sense to have some mitigations to reduce potential
anonymity loss if there are requests unintentionally going through the
catch-all circuit. We currently isolate requests by
`originAttributes.firstPartyDomain`. If
`originAttributes.firstPartyDomain` is empty, then the request goes to the
catch-all circuit (socks username `--unknown--`).
I would suggest changing this and proxying with socks username
`--unknown--|||firstPartyDomain(request)` instead, where
`firstPartyDomain` is calculated as if the request host was the origin. I
think this can only improve user anonymity wrt current behaviour, at the
cost of potentially worse network performance (more circuits). But I think
there should not be many cases were `firstPartyDomain` is empty, and also
not so many `--unknown-- + domain` combinations to make this a performance
issue. I think it should be seen just as a mitigation for the potential
cases in Tor Browser that might not obey first party isolation.
Not sure if this has already been discussed in the past, but I thought it
might be interesting to consider.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31066>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list