[tor-dev] #3600 tech doc
tom at ritter.vg
Wed Mar 13 16:39:39 UTC 2019

WebKit implemented partitioned caches more than five years ago. A
partitioned cache means cache entries for third-party resources are
double-keyed to their origin and the first-party eTLD+1. This
prohibits cross-site trackers from using the cache to track users.
Even so, our research has shown that trackers, in order to keep their
practices alive under ITP, have resorted to partitioned cache abuse.
Therefore, we have developed the verified partitioned cache.

When a partitioned cache entry is created for a domain that’s
classified by ITP as having cross-site tracking capabilities, the
entry gets flagged for verification. After seven days, if there’s a
cache hit for such a flagged entry, WebKit will act as if it has never
seen this resource and load it again. The new response is then
compared to the cached response and if they match in the ways we care
about for privacy reasons, the verification flag is cleared and the
cache entry is from that point considered legitimate. However, if the
new response does not match the cache entry, the old entry is
discarded, and a new one is created with the verification flag set,
and the verification process starts over.

ITP currently does this verification for permanent redirects since
that’s where we see abuse today.

It's not clear to me if the permanent redirects are in a partitioned
cache though. Either way, this doesn't affect Tor too much given that
we don't save history.

Although it does bring up a simple case that we could implement with no
problem: never remember a permanent redirect.
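
The verification cycle quoted above, modelled as an added example that is not part of the original message and is not WebKit or Tor Browser code. The class name, the `rememberRedirects` switch (the "never remember a permanent redirect" case), the comparison rule (same status and redirect target) and measuring seven days from entry creation are assumptions.

```javascript
// Added sketch, not WebKit or Tor Browser code. Times are in milliseconds.
const SEVEN_DAYS = 7 * 24 * 60 * 60 * 1000;

class VerifiedPartitionedCache {
  // classified: Set of hostnames assumed to be flagged by ITP as trackers.
  // rememberRedirects=false models "never remember a permanent redirect".
  constructor(classified, rememberRedirects = true) {
    this.classified = classified;
    this.rememberRedirects = rememberRedirects;
    this.entries = new Map();
  }

  // Assumption: a "match" means same status and same redirect target.
  static matches(a, b) {
    return a.status === b.status && a.location === b.location;
  }

  store(key, url, response, now) {
    if (!this.rememberRedirects && response.status === 301) return;
    const flagged = this.classified.has(new URL(url).hostname);
    this.entries.set(key, { response, created: now, flagged });
  }

  // firstParty is the top-level eTLD+1; network(url) performs a fresh load.
  load(firstParty, url, now, network) {
    const key = `${firstParty} ${url}`; // double key: first party + resource
    const entry = this.entries.get(key);
    if (!entry) {
      const response = network(url);
      this.store(key, url, response, now);
      return { response, outcome: "miss" };
    }
    if (!entry.flagged || now - entry.created < SEVEN_DAYS) {
      return { response: entry.response, outcome: "hit" };
    }
    // Flagged entry older than seven days: load as if never seen, then compare.
    const fresh = network(url);
    if (VerifiedPartitionedCache.matches(entry.response, fresh)) {
      entry.flagged = false; // considered legitimate from this point on
      return { response: entry.response, outcome: "verified" };
    }
    this.entries.delete(key); // discard the old entry
    this.store(key, url, fresh, now); // new entry, verification flag set again
    return { response: fresh, outcome: "replaced" };
  }
}
```

A redirect whose target changes between loads keeps coming back as `replaced`, so it is never served from cache for longer than seven days.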