#10419: Can requests to 127.0.0.1 be used to fingerprint the browser?
-------------------------------------+-------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: task | Status: needs_review
Priority: major | Milestone:
Component: Firefox Patch | Version:
Issues | Keywords: tbb-fingerprinting,
Resolution: | tbb-pref, MikePerry201401R
Actual Points: | Parent ID:
Points: |
-------------------------------------+-------------------------------------
Comment (by oc):
I'm discovering that we do not have the same user model:
* I only use TBB for a few specific tasks, while everything else I do with
a regular browser.
* You are promoting TBB as the main/only browser, in which case CUPS (et
al) should be accessible indeed.
Replying to [comment:16 cypherpunks]:
> {{{
> # Prevent Internet sites from requesting LAN resources.
> Site LOCAL
> Accept from LOCAL
> Deny
> (...)
> # Prevent 127.0.0.1 from requesting Internet resources.
> Site ALL
> Deny from 127.0.0.1
> }}}
Your ABE rules seem to work ok here.
Can 127.0.0.1 access LOCAL or not? I cannot check this myself because of
other (related) problems:
* LAN IPs are blocked anyway:
{{{
[warn] Rejecting SOCKS request for anonymous connection to private address
[scrubbed]
}}}
* 127.0.0.1 works but localhost does not.
Am I the only one experiencing those?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10419#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online