[tbb-bugs] #3600 [Tor Browser]: Prevent redirects from transmitting+storing cookies+identifiers

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Apr 4 00:21:55 UTC 2016

#3600: Prevent redirects from transmitting+storing cookies+identifiers
 Reporter:  mikeperry                |          Owner:  tbb-team
     Type:  defect                   |         Status:  new
 Priority:  High                     |      Milestone:  TorBrowserBundle
Component:  Tor Browser              |  2.3.x-stable
 Severity:  Major                    |        Version:
 Keywords:  tbb-linkability, tbb-    |     Resolution:
  testcase, tbb-torbutton            |  Actual Points:
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:

Comment (by cypherpunks):

 Replying to [comment:28 mikeperry]:
 > If the user clicks "Proceed with tracking", then cookies, cache, etc
 would be preserved. If the user clicks "Proceed without tracking", then we
 clear all state and identifiers stored for destination.com before loading
 the redirect request. (We would strip any subdomains from both domain.com
 and destination.com in the message dialog, both because this would be less
 confusing and also because our isolation applies to top-level domains).
 Would the state also be cleared after the redirect happened? Or would it
 stay in place but keyed on the originator of the redirection?

 Replying to [comment:29 arma]:
 > People are already driven nuts by the canvas thing.
 Oh come on arma! "People" are also not at all bothered by the canvas
 thing, and "people" would very much like to have more control about
 attempts to track and correlate them. Yes privacy/security and convenience
 are opposite ends of the scale, what's new? "People" can already use any
 number of other browsers if they want convenience.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3600#comment:30>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list