Opened 5 years ago

Last modified 17 months ago

#13236 new defect

investigate Firefox SSL for things that might allow user tracking

Reported by: arthuredelstein Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-linkability
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

From a comment by Patrick McManus:

(In reply to David Keeler (:keeler) [use needinfo?] from comment #5)

mcmanus, are there other TLS features that are enabled by default that would
allow tracking users? (The aim of this bug is to add an option that would
prevent that sort of thing.)

sure - at various levels of granularity. None as extreme as session tickets.
Anything that keeps state, right?

some that come to mind:

  • the version intolerance cache
  • our false start behavior involves "have I seen this algorithm before"
  • the hsts database

Child Tickets

Change History (3)

comment:1 Changed 5 years ago by arthuredelstein

Component: - Select a componentTor Browser
Keywords: tbb-linkability added
Owner: set to tbb-team

comment:2 Changed 5 years ago by arthuredelstein

Summary: investigate Firefox SSL for things that might allows user trackinginvestigate Firefox SSL for things that might allow user tracking

comment:3 Changed 17 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.