[tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Feb 12 15:41:10 UTC 2014


#10419: Can requests to 127.0.0.1 be used to fingerprint the browser?
-------------------------------------+-------------------------------------
     Reporter:  mikeperry            |      Owner:  mikeperry
         Type:  defect               |     Status:  closed
     Priority:  critical             |  Milestone:
    Component:  Firefox Patch        |    Version:
  Issues                             |   Keywords:  tbb-fingerprinting,
   Resolution:  fixed                |  tbb-pref, MikePerry201401R
Actual Points:                       |  Parent ID:
       Points:                       |
-------------------------------------+-------------------------------------

Comment (by cypherpunks):

 Replying to [comment:37 gk]:


 > Replying to [comment:36 cypherpunks]:
 >
 > > Previously I've been able to glue the 1Password extension into TBB
 (not supported by the 1P folks, but it worked, see post
 [http://discussions.agilebits.com/discussion/comment/99714 here] and post
 linked in that post). That appears to no longer work. I'm not certain, but
 I wonder if this fix is what's blocking it (the 1P extension uses
 Websocket connections to 127.0.0.1 to communicate with a helper process
 > >
 >
 > I think so, yes. To add an exception click on the green onion icon in
 your toolbar -> Preferences... -> Use custom proxy settings -> No Proxies
 for: AND there enter "127.0.0.1". Then, clicking on "OK" should fix your
 problem. But be aware that you might stand out more than other TBB users
 as a result of that.

 Thanks, making that change that does enable the 1Password extension to
 work again. Thanks also for noting the potential fingerprinting tradeoff.
 After I made the change, I tried Jacob Maas' test page (linked in comment
 5 above) with the [http://help.agilebits.com/1Password_Windows/helper-not-
 connected.html ports] 1Password uses, and each one was reported "closed or
 error during testing", which sounds comforting though I don't have the
 expertise to know how much it actually is.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10419#comment:39>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list