[tor-bugs] #8557 [Applications/Tor Browser]: Audit and possibly enable safebrowsing
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Sep 15 18:54:01 UTC 2017
#8557: Audit and possibly enable safebrowsing
-----------------------------------------+--------------------------
Reporter: mikeperry | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Blocker | Resolution:
Keywords: tbb-pref, tbb-firefox-patch | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------------------+--------------------------
Changes (by fmarier):
* severity: => Blocker
Comment:
The Safe Browsing service has changed a lot since this ticket was filed.
I wrote a [https://feeding.cloud.geek.nz/posts/how-safe-browsing-works-in-
firefox/ detailed blog post] about the Firefox implementation and I keep
this [https://wiki.mozilla.org/Security/Safe_Browsing wiki page] up-to-
date with everything I know about the service and our implementation.
A few quick notes:
- it's all HTTPS now
- there are no more MAC keys
- list fetching is not based on user activity, it's on whenever the
browser is running
- the cookie has a unique origin attribute so it's not mixed with the
other Google cookies (and I believe it will be gone in V4 of the API, Fx
56+)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8557#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list