[tor-bugs] #10419 [Firefox Patch Issues]: Can requests to 127.0.0.1 be used to fingerprint the browser?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jan 23 19:24:25 UTC 2014
#10419: Can requests to 127.0.0.1 be used to fingerprint the browser?
-------------------------------------+-------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: task | Status: needs_review
Priority: major | Milestone:
Component: Firefox Patch | Version:
Issues | Keywords: tbb-fingerprinting,
Resolution: | tbb-pref, MikePerry201401R
Actual Points: | Parent ID:
Points: |
-------------------------------------+-------------------------------------
Comment (by mikeperry):
Replying to [comment:14 gk]:
> Replying to [comment:13 mikeperry]:
> > I think that oc is right about not needing to browse localhost from
TBB.
>
> What about configuring CUPS from the browser? At least I am used to it.
And the need for two browsers (a TorBrowser and, say, a vanilla Fx) bears
the big risk that the users mess things up. So, if we see the need for
removing "access" to 127.0.0.1 from the outside then we should make sure
that the user itself is still able to reach things on 127.0.0.1 IMO.
It is called the "Tor Browser". I don't think we should really support
things like using it to configure local services, especially at the
expense of excessive complexity, increased vulnerability surface, or
increased fingerprinting.
I can see the development utility of running TBB tests on an http server
listening on 127.0.0.1, but such developers/testing frameworks are quite
capable of explicitly allowing 127.0.0.1 in the pref.
The better question is "does CUPS printing work at all if we remove
127.0.0.1 this pref?"
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10419#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list