Query syntax:

  • Use tag1 tag2 to match all tags.
  • tag1 or tag2 will match any tag.
  • Negate a tag with -tag1.
  • Group sub-queries with (tag1 or tag2).
  • Quote strings to include special characters.
  • Restrict search to a specific realm with realm:wiki.

Showing objects tagged with 'tbb-linkability'

  • #2877 defect: Prevent TLS state from accumulating in Tor Browser (new)
  • #3600 defect: Prevent redirects from transmitting+storing cookies+identifiers (assigned)
  • #4335 enhancement: Per-urlbar domain plugin control (closed: wontfix)
  • #5288 defect: Clickjacking + popups subvert TBB url-bar isolation (new)
  • #8213 defect: spoof history.length - browser.sessionhistory.max_entries (new)
  • #9336 defect: Odd wyswig schemes without isolation for browserspy.dk (new)
  • #9783 defect: New Identity does not always clear all OCSP/favicon related network ... (new)
  • #10824 defect: Using Firefox UI to remember history disables third party ... (reopened)
  • #12609 defect: HTML5 fullscreen API makes TB fingerprintable, disable it! (needs_revision)
  • #12682 enhancement: Tor Browser's HTML5 canvas fingerprinting dialogue could use a ... (new)
  • #12683 defect: Permissions in nsIPermissionManager aren't cleared with TorButton's ... (new)
  • #13236 defect: investigate Firefox SSL for things that might allow user tracking (new)
  • #14952 task: Audit HTTP/2 and SPDY if needed (closed: fixed)
  • #15499 defect: Onion sites circuits are not properly isolated to URL bar domain (new)
  • #15563 defect: ServiceWorkers violate first party isolation, probably (new)
  • #15569 defect: Web Notification API icons get no first party (needs_information)
  • #15599 defect: Range requests used by pdfjs are not isolated to URL bar domain (closed: fixed)
  • #15954 defect: Canvas permission and HTTP auth still use FQDN isolation (new)
  • #16285 task: Make sure EME is no tracking risk in Tor Browser (assigned)
  • #16333 task: Make sure IndexedDB is disabled from worker code (closed: fixed)
  • #16335 task: Investigate whether the Symbol data type can store global identifiers ... (new)
  • #16693 defect: Isolate TLS Channel-Bound Cookies (new)
  • #16920 defect: Referer Header should be disabled for new tabs (needs_review)
  • #17123 defect: Request for certificate is sent over the catch-all circuit (new)
  • #17244 defect: Low entropy PRNG usage in Tor Browser? (needs_information)
  • #17252 enhancement: Confirm TLS session resumption/ID are isolated to the URL bar domain, ... (closed: fixed)
  • #17933 defect: Tor Browser does not isolate the pdf 'download' (via the download ... (closed: fixed)
  • #17965 defect: Isolate HPKP and HSTS to url bar domain (closed: fixed)
  • #18532 defect: Now search.disconnect.me through catchall too (reopened)
  • #18552 defect: timing oracle for rendezvouz circuits (new)
  • #19037 defect: Suppress content access to page visibility API (new)
  • #19417 defect: asm.js files should be no linkability risk (assigned)
  • #19520 task: Investigate "No last modified time" entries visible in about:cache (new)
  • #19741 defect: favicon in searchbar popup uses catchall circuit (new)
  • #19921 defect: Tor Browser: improper handling of 404 Not Found images (needs_information)
  • #20256 defect: Cloudfront resources are isolated to the FQDN (new)
  • #20317 defect: Key permissions by first-party domain instead of origin (proposal) (closed: duplicate)
  • #20328 defect: No cookies are visible, except... (needs_information)
  • #20393 defect: Something uses catchall circuit (new)
  • #21347 enhancement: Retrying a download breaks URL bar domain isolation (new)
  • #21559 defect: Tor browser deanonymization/fingerprinting via cached intermediate CAs (new)
  • #21657 task: Test to make sure we isolate or disable all speculative connects (new)
  • #21793 task: Keep an eye on the CustomElementRegistry API (assigned)
  • #22100 defect: Triggering the external helper dialog leads sometimes to requests ... (new)
  • #22162 defect: Review speculative connections (new)
  • #22343 defect: Save as... in the context menu results in using the catch-all circuit (closed: fixed)
  • #22501 defect: Requests via javascript: violate FPI (closed: fixed)
  • #22538 defect: Changing circuit for page with error switches catch-all circuit instead (new)
  • #22649 defect: Save Link As... in the context menu results in using the catch-all circuit (closed: duplicate)
  • #23210 defect: Favicons are getting reloaded over catch-all-circuit if content ... (new)
  • #23216 defect: The languagechange event is noticeable on all open tabs (new)
  • #23768 defect: Update code to wipe indexedDB in New Identity (new)
  • #24553 enhancement: Re-enable Alternate Services (closed: fixed)
  • #24622 defect: Torcrazybutton can't decipher website s3.amazonaws.com (new)
  • #25672 defect: Debugger in developer tools is fetching website over catch-all circuit (new)
  • #26353 defect: First request after copying and pasting an URL in URL bar seems to go ... (closed: fixed)
  • #26606 defect: investigate fingerprinting and linkability risks of the Intersection ... (new)
  • #26608 defect: investigate <link rel="preload"> (new)
  • #26833 defect: Include IP addresses in First Party Isolation (FPI) (closed: fixed)
  • #27127 defect: Audit and enable HTTP/2 push (new)
  • #27260 defect: Audit network.http.spdy.enabled.deps (new)
  • #27633 defect: Do subscribed feeds adhere to first party isolation? (new)
  • #28368 defect: determine if media.decoder.recycle.enabled allows any linkability (new)
  • #28371 defect: verify that speculative connect on mousedown does not violate FPI (closed: duplicate)
  • #28719 defect: Clicking on embedded links seems to cause FPI mismatch (new)