[tor-bugs] #28536 [Applications/Tor Browser]: SuperCookie Built Into TLS 1.2 and 1.3
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Nov 21 07:36:14 UTC 2018
#28536: SuperCookie Built Into TLS 1.2 and 1.3
--------------------------------------+----------------------------
Reporter: heyjoe | Owner: tbb-team
Type: defect | Status: closed
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution: worksforme
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+----------------------------
Changes (by gk):
* status: new => closed
* resolution: => worksforme
Comment:
{{{
privacy.firstparty.isolate
This feature prevents the browser from making requests to sites outside of
the primary domain from the site. This prevents large ubiquitous services
from following your keys around the web like a supercookie.
}}}
Yes, that's the purpose of this preference and the reason we set it. This
breaks the cross-site tracking which could indeed be a problem. We leave
the other preferences as-is, though, as this is no cross-site tracking
risk as far as we know and you can clean state with New Identity to cope
with long term tracking by first-parties. Thus, this works for me.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28536#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list