[tbb-bugs] #19229 [Applications/Tor Browser]: Canary monitoring
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jun 2 15:06:23 UTC 2016
#19229: Canary monitoring
------------------------------------------+----------------------
Reporter: cypherpunks | Owner: tbb-team
Type: project | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
Some websites put canaries into their Privacy Policy as a legal way to
inform the users about gag orders. It is fine to have a browser extension
checking for canaries and warn users if canary disappear.
If an extension discovers a valid canary, it caches the site as canaried.
If a canary changes or disappears it informs the user. A DB of known
canaries can be available as a subscription (like adblock one).
First it tries to discover a canary in the page. If it doesn't, it looks
for meta or a element referring to ToS and privacy policy and looks for
canaries there.
To discover a canary an extension searches in meta tags for it. If it
finds a meta element with content having a canary it means it has a
canary. This canary has the following format <meta name="any string"
content="Any standardized canary message|valid date|b64 encoded EdDSA
public key|b64 encoded EdDSA signature of PKCS7 padded everything before
it"/>. The implementation must check the signature and pin public key.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19229>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list