[tor-bugs] #21569 [Applications/Tor Browser]: Investigate and neuter fingerprinting potential of Permissions API
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon May 8 18:44:05 UTC 2017
#21569: Investigate and neuter fingerprinting potential of Permissions API
-------------------------------------------------+-------------------------
Reporter: gk | Owner:
| arthuredelstein
Type: task | Status:
| needs_information
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff52-esr, tbb-7.0-must-alpha, | Actual Points:
TorBrowserTeam201705R |
Parent ID: | Points:
Reviewer: | Sponsor:
| Sponsor4
-------------------------------------------------+-------------------------
Comment (by arthuredelstein):
Replying to [comment:9 mcs]:
> Kathy and I started to review this but got stuck on a couple of things:
> * Where is the file `file_firstPartySpecial.html`?
> * Should the commented out lines (e.g., for geolocation) be removed from
`browser_permissions.js`?
> * `PrincipalOriginAttributes::StripUserContextId()` is now an empty
function. Is that correct?
Thanks for noticing these things. I have cleaned them up now. Here's the
new version:
https://github.com/arthuredelstein/tor-browser/commit/21569+4
Note here I am enabling isolation of permissions both by first party
domain and container ID. As Tor Browser doesn't use containers, the change
to container behavior should have no effect. But I took this approach
(changing both things) because it makes writing a test with Mozilla's
existing isolation test framework straightforward. If Mozilla decides to
apply first-party isolation to permissions, but not to apply it to
containers, then they will need to modify the framework. (Although my
recommendation would be to isolate permissions by containers as well.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21569#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list