[tor-bugs] #32151 [Applications/Tor Browser]: Investigate RemoteSettings requests params and try to reduce info leaked about local state
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Oct 18 10:36:28 UTC 2019
#32151: Investigate RemoteSettings requests params and try to reduce info leaked
about local state
------------------------------------------+-----------------------------
Reporter: acat | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords: tbb-linkability
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+-----------------------------
From https://trac.torproject.org/projects/tor/ticket/31740#comment:7:
>One concern is that the different parameters (etag, timestamps...) might
be leaking enough info about the user state that it allows linking
together requests done over time as belonging to the same user. In
principle, the request parameters depend on the values returned in
previous responses, and these seem not to change very often. I did not do
a deep analysis, but I feel like we would not lose too much by doing the
same requests without parameters (as if there was no previous state in the
browser). I don't see the responses being so big, nor the requests done so
often.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32151>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list