[tor-bugs] #17423 [Tor Browser]: Look into Yan's browser fingerprinting tricks
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Oct 26 17:30:37 UTC 2015
#17423: Look into Yan's browser fingerprinting tricks
--------------------------------+--------------------------
Reporter: arthuredelstein | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-fingerprinting | Actual Points:
Parent ID: | Points:
Sponsor: |
--------------------------------+--------------------------
Comment (by zyan):
Replying to [comment:2 gk]:
> We have #6458 for the HSTS linkability issue.
Can you confirm my understanding of #6458?
1. user visits https://thirdparty.com, gets HSTS pin
2. user visits http://example.com with <img src="http://thirdparty.com">.
the browser makes the request over HTTP anyway because the user has never
visited thirdparty.com on example.com before.
I think that would stop the Sniffly attack.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17423#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list