[tor-bugs] #16856 [Tor Browser]: 'network.http.speculative-parallel-limit' default setting provides tracking-risk

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Aug 19 12:51:54 UTC 2015


#16856: 'network.http.speculative-parallel-limit' default setting provides
tracking-risk
---------------------------+-----------------------------------------------
 Reporter:  RickGeex_      |          Owner:  tbb-team
     Type:  defect         |         Status:  new
 Priority:  major          |      Milestone:  TorBrowserBundle 2.3.x-stable
Component:  Tor Browser    |        Version:  Tor: unspecified
 Keywords:  tor,           |  Actual Points:
  tracking, default        |         Points:
Parent ID:                 |
---------------------------+-----------------------------------------------
 'network.http.speculative-parallel-limit' default setting provides
 tracking-risk

 (thanks to Yuri Khan for the original scenario - 2015-08-14 22:33:56 PDT)

 Potential tracking scenario:

  * '''Attacker''' sends an e-mail to the '''Victim''' with a text around a
 URL
  * '''Victim''' leaves the cursor in the area of the text
  * Tor Browser '''speculatively''' connects to the destination '''URL'''
 in the email
  * the Attacker logs these '''attempts''' and '''assigns''' the exit-node
 ''IP-address'' to the '''Victim's''' ''email address''

 The result is that the exit-node's ''IP-address'' can be '''linked''' with
 the '''e-mail address''' of the targeted '''victim''', which (in case of
 '''seizing''' an ''exit-node'') can result in '''de-anonymizing''' the
 unaware '''user''' behind it.

 This is exploitable in the Tor browser because the '''default''' value of
 the pre-connections API ('network.http.speculative-parallel-limit') is
 '''6'''

 A fix to mitigate this problem is to set
 'network.http.speculative-parallel-limit' to '''0''' by '''default'''.

 '''References'''

  * '''https://bugzilla.mozilla.org/show_bug.cgi?id=814169'''

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16856>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
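
Added example, not part of the original ticket or of Tor Browser's code: a Python check that reads a profile's prefs.js and user.js text and reports whether 'network.http.speculative-parallel-limit' is effectively 0, the value the ticket proposes. The sample file contents are constructed, and it assumes the standard Firefox profile convention that user.js overrides prefs.js; the fallback of 6 is the default stated in the ticket.

```python
import re

PREF = "network.http.speculative-parallel-limit"
DEFAULT_LIMIT = 6  # default value as stated in the ticket

# Matches lines such as: user_pref("name", 0);
# Commented-out lines ("// user_pref(...)") do not match because of the anchor.
PREF_LINE = re.compile(r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

# Constructed sample file contents, for illustration only.
SAMPLE_PREFS_JS = (
    'user_pref("browser.startup.page", 0);\n'
    'user_pref("network.http.speculative-parallel-limit", 6);\n'
)
SAMPLE_USER_JS = (
    '// hardening overrides\n'
    'user_pref("network.http.speculative-parallel-limit", 0);\n'
)

def read_pref(text, name=PREF):
    """Return the last integer assigned to `name` in prefs text, or None."""
    value = None
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m or m.group(1) != name:
            continue
        try:
            value = int(m.group(2))  # later assignments win
        except ValueError:
            continue  # assumption: ignore non-integer values for this pref
    return value

def effective_limit(prefs_js="", user_js=""):
    """user.js is applied over prefs.js at startup, so check it first."""
    for text in (user_js, prefs_js):
        value = read_pref(text)
        if value is not None:
            return value
    return DEFAULT_LIMIT  # pref not set anywhere: built-in default applies

def audit(prefs_js="", user_js=""):
    """Report the effective limit and whether speculative connects are off."""
    limit = effective_limit(prefs_js, user_js)
    return {"limit": limit, "speculative_connects_disabled": limit == 0}

if __name__ == "__main__":
    print(audit(SAMPLE_PREFS_JS))                  # prefs.js alone
    print(audit(SAMPLE_PREFS_JS, SAMPLE_USER_JS))  # with the user.js override
```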

