[tor-bugs] #16926 [Tor Browser]: Multiple OS: Tor Browser leaks domains to system DNS management.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Sep 1 00:14:19 UTC 2015
#16926: Multiple OS: Tor Browser leaks domains to system DNS management.
-------------------------------+------------------------------
Reporter: DrMikeTwiddle | Owner: tbb-team
Type: defect | Status: new
Priority: critical | Milestone:
Component: Tor Browser | Version: Tor: unspecified
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-------------------------------+------------------------------
Comment (by teor):
Have you ever bookmarked tor-only-visited-site.com in another browser?
Safari on OS X will lookup favicons by making a connection to every site
in its bookmarks, even if you never visit the site using Safari.
Some browsers and even other tools (ClipMenu, a clipboard manager) appear
to connect to the Google Safe Browsing servers. But that shouldn't cause a
DNS lookup, unless the app in question submits IP addresses rather than
DNS names. (And it's possible to implement Safe Browsing using a local
database of URL hashes, rather than a plaintext URL lookup.)
https://developers.google.com/safe-browsing/
I wonder if the Finder does either of these things for Finder URL
bookmarks?
I wonder if the Dock does them, if you drag an OS X Finder URL bookmark
into the Dock?
It may be worth writing up a list of every location on your Mac that
you've ever used (bookmarked, pasted, typed) tor-only-visited-site.com.
That would at least help you eliminate possible leak vectors.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16926#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list