[tor-bugs] #3455 [Firefox Patch Issues]: Tor Browser should set SOCKS username for a request based on referer

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Mon May 7 05:00:41 UTC 2012 

#3455: Tor Browser should set SOCKS username for a request based on referer
----------------------------------+-----------------------------------------
 Reporter:  mikeperry             |          Owner:  mikeperry                    
     Type:  enhancement           |         Status:  new                          
 Priority:  major                 |      Milestone:  TorBrowserBundle 2.3.x-stable
Component:  Firefox Patch Issues  |        Version:                               
 Keywords:  tbb-linkability       |         Parent:  #5752                        
   Points:                        |   Actualpoints:                               
----------------------------------+-----------------------------------------

Comment(by mikeperry):

 Replying to [comment:14 rransom]:
 > Replying to [comment:13 mikeperry]:
 > > Replying to [comment:12 arma]:
 > > > Is "referer" really the best stand-in we have for "was launched from
 that tab"?
 > >
 > > "Launched from that tab" is not the model we're going for. It's the
 model used by JonDos, but what we want is "Launched from the same url bar
 origin/navigation session" (aka privacy requirement 1 in the design doc).
 Referer actually does map to what we want for that.
 >
 > I think “launched from that tab/window” is a better model.  It's easier
 to control, it doesn't require me to launch a second TBB if I want two
 separate sessions with the same website, ...

 Try to virtualize the rest of humanity (or just your densest cousin) using
 a per-tab/window model after having been trained to use their browsers as
 single identity bags. Here, let me help you understand what it would be
 like:

 "What do you mean, log in to google again? I just did that in this other
 tab."
 "OOps, I thought this tab was the OTHER gmail account..."
 "Oh, I though the fourth tab was twitter, not gmail. I guess I reordered
 them."

 Express route to Fail City, imo. See also point 1 in
 https://www.torproject.org/projects/torbrowser/design/#philosophy

 > > Now, this model does get a little sticky with redirects. See
 https://trac.torproject.org/projects/tor/ticket/3600#comment:16 for my
 thoughts on that case.
 >
 > and it doesn't require me to know where those **** shortened links will
 take me, or remember which sites I have ‘visited’ or been redirected
 through since clicking ‘New Identity’ and flushing all of my currently-
 open tabs.

 Except for other activity on that tab... There's no way humans can
 remember what each tab/window was used for what and be expected not to
 mess up, forget, and link themselves.

 We need to design this stuff for normal humans, not mentats.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3455#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list