[tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jan 23 17:57:22 UTC 2014


#10419: Can requests to 127.0.0.1 be used to fingerprint the browser?
-------------------------------------+-------------------------------------
     Reporter:  mikeperry
        Owner:  mikeperry
         Type:  task
       Status:  needs_review
     Priority:  major
    Milestone:
    Component:  Firefox Patch Issues
      Version:
     Keywords:  tbb-fingerprinting, tbb-pref, MikePerry201401R
   Resolution:
Actual Points:
    Parent ID:
       Points:
-------------------------------------+-------------------------------------

Comment (by cypherpunks):

 (cypherpunks2)

 Replying to [comment:17 oc]:

 > Replying to [comment:16 cypherpunks]:
 > > {{{
 > > # Prevent Internet sites from requesting LAN resources.
 > > Site LOCAL
 > > Accept from LOCAL
 > > Deny
 > > (...)
 > > # Prevent 127.0.0.1 from requesting Internet resources.
 > > Site ALL
 > > Deny from 127.0.0.1
 > > }}}

 That's a strange mix? Only the ruleset from comment 16 is the good one.

 > Your ABE rules seem to work ok here.
 > Can/should 127.0.0.1 access LOCAL though?

 It should not - according to the ABE documentation ALL is a "special token
 matching any URI". So 127.0.0.1 originating requests to LAN are to be
 blocked by the second rule. I've amended the rule comments, though
 blocking LAN should be redundant.

 > * 127.0.0.1 works but localhost does not.

 As expected, unless localhost is added to
 extensions.torbutton.no_proxies_on. In which case we'd also have to deal
 with localhost resolving to its IPv6 address? Not worth it IMHO.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10419#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

