[tor-bugs] #32321 [Applications/Tor Browser]: https://mitmdetection.services.mozilla.com/ is contacted over catch-all circuit
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Oct 28 16:36:24 UTC 2019
#32321: https://mitmdetection.services.mozilla.com/ is contacted over catch-all
circuit
-------------------------------------+-------------------------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor | Version:
Browser | Keywords: tbb-9.0-issues,
Severity: Normal | tbb-9.0.1-can, tbb-linkability
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------+-------------------------------------
If one triggers a MitM-warning (e.g. on https://mitm-software.badssl.com/)
what seems to be a background request is sent over the catch-all circuit
to https://mitmdetection.services.mozilla.com:
{{{
[10-25 07:50:12] Torbutton INFO: tor SOCKS:
https://mitmdetection.services.mozilla.com/ via
--unknown--:3c6a3286392291d7459b9e131ebc8f73
}}}
Either we properly do FPI here OR we just omit contacting Mozilla here at
all (I think the latter sounds fine).
[https://blog.torproject.org/comment/284916#comment-284916 Reported on our
blog].
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32321>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list