[tbb-bugs] #15555 [Tor Browser]: view-source requests hit the network and are not isolated by URL bar domain

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Apr 2 13:40:03 UTC 2015


#15555: view-source requests hit the network and are not isolated by URL bar domain
--------------------------------------------+--------------------------
 Reporter:  gk                              |          Owner:  tbb-team
     Type:  defect                          |         Status:  new
 Priority:  major                           |      Milestone:
Component:  Tor Browser                     |        Version:
 Keywords:  tbb-linkability, tbb-4.5-alpha  |  Actual Points:
Parent ID:                                  |         Points:
--------------------------------------------+--------------------------
 If I visit foo.com and look at its source (e.g. via Ctrl + U) another
 request is sent over the Tor network using "--NoFirstPartyHost-about-
 blank--" as SOCKS username. There are two things wrong with that behavior:
 1) view-source requests should not hit the network at all as this is not
 necessary. 2) All these requests are sent over the same circuit allowing
 user profiling which the isolation to the URL bar domain should prevent.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15555>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list