[tbb-bugs] #28621 [Applications/Tor Browser]: Investigate "website fingerprinting through cache occupancy channel"

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Dec 21 07:51:29 UTC 2018


#28621: Investigate "website fingerprinting through cache occupancy channel"
--------------------------------------+--------------------------
 Reporter:  arthuredelstein           |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by tom):

 I skimmed it. This one kind of sucks. There are no reasonable
 countermeasures. Page coloring looked interesting, but AFAICT that was an
 idea from the early 2000s that hasn't been revisited?

 The 100ms resolution helps; but it isn't the complete answer (and I want
 to reduce it anyway if we can achieve the same security boundary using
 fuzzyfox.)

 Maybe the answer is something more complicated? Degrading it dynamically
 (throttling) if we detect repeated calls and throw a permission prompt
 (with or without the doorhanger)?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28621#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list