Opened 4 years ago

Last modified 4 years ago

#17641 needs_review enhancement

Use NoScript ABE feature to disallow hidden services access to clearnet

Reported by: cypherpunks
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Some hidden services have some tracking (or non-tracking) scripts from clearnet included, which allows a clearnet party to track HS users. I suggest using the NoScript Application Boundaries Enforcer (https://noscript.net/abe/) to disallow hidden services' access to clearnet resources (especially included scripts).

It could look like:
Site *.onion
Accept from SELF++
#Anonymize from *.onion
Deny

Attachments (1)

Use-ABE-to-protect-Hidden-Services-from-surveillance.diff (981 bytes) - added by cypherpunks 4 years ago.
Use ABE to protect Hidden Services from surveillance


Change History (10)

comment:1 Changed 4 years ago by cypherpunks

Type: defect → enhancement

comment:2 Changed 4 years ago by cypherpunks

Sorry, I forgot the main part. The rule above protects from accessing HSes from clearnet and anonymizes accessing another HS. Here is the rule that protects HSes from accessing clearnet.

Site *
Deny from *.onion
Accept
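
The two rules posted so far (the description's and comment 2's), run against a few requests. This is an added example, not part of the ticket or of NoScript: it is a simplified model that assumes first-match evaluation and approximates SELF++ as "same last two host labels", and all hostnames are constructed.

```javascript
// Simplified model of ABE evaluation; an added example, not NoScript's code.
// Assumptions: rules are tried top to bottom, and in the first rule whose
// Site pattern matches the destination, the first applicable predicate wins.
// SELF++ is approximated as "origin and destination share the last two labels".
// The commented-out Anonymize line from the ticket is not modelled.
const RULES = [
  { site: "*.onion", predicates: [["Accept", "SELF++"], ["Deny", null]] },
  { site: "*", predicates: [["Deny", "*.onion"], ["Accept", null]] },
];

function hostMatches(pattern, host) {
  if (pattern === "*") return true;
  if (pattern.startsWith("*.")) return host.endsWith(pattern.slice(1));
  return host === pattern;
}

const baseDomain = (host) => host.split(".").slice(-2).join(".");

function decide(originUrl, destUrl, rules = RULES) {
  const origin = new URL(originUrl).hostname;
  const dest = new URL(destUrl).hostname;
  for (const rule of rules) {
    if (!hostMatches(rule.site, dest)) continue;
    for (const [action, from] of rule.predicates) {
      const applies = from === null ||
        (from === "SELF++" ? baseDomain(origin) === baseDomain(dest)
                           : hostMatches(from, origin));
      if (applies) return action;
    }
  }
  return "Accept"; // no rule covered the destination
}

// Constructed requests: [page making the request, resource requested].
const SAMPLES = [
  ["http://exampleonionaaaa.onion/", "https://tracker.example/t.js"],
  ["https://blog.example/", "http://exampleonionaaaa.onion/pixel.png"],
  ["http://exampleonionaaaa.onion/", "http://otheronionbbbbbb.onion/"],
  ["http://exampleonionaaaa.onion/", "http://cdn.exampleonionaaaa.onion/a.js"],
  ["https://blog.example/", "https://cdn.example/lib.js"],
];
for (const [from, to] of SAMPLES) {
  console.log(decide(from, to).padEnd(6), from, "->", to);
}
```

Passing only the first rule as the third argument leaves the onion-to-clearnet request accepted in this model, which is the case the second rule covers.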

comment:3 Changed 4 years ago by cypherpunks

Owner: changed from tbb-team to cypherpunks
Status: new → accepted

comment:4 Changed 4 years ago by cypherpunks

Status: accepted → needs_review

comment:5 Changed 4 years ago by cypherpunks

Milestone: Tor: 0.2.8.x-final

comment:6 Changed 4 years ago by cypherpunks

Version: Tor: 0.2.7

comment:7 Changed 4 years ago by gk

Milestone: Tor: 0.2.8.x-final
Owner: changed from cypherpunks to tbb-team
Status: needs_review → assigned
Version: Tor: 0.2.7

There is no patch attached for review, thus reassigning.

comment:8 Changed 4 years ago by cypherpunks

Status: assigned → needs_review

Changed 4 years ago by cypherpunks

Use ABE to protect Hidden Services from surveillance

comment:9 Changed 4 years ago by bugzilla

Keywords: onion tracking security NoScript CSRF removed

track HS users

disallow hidden services access to clearnet resources

anonymizes accessing another HS

protect Hidden Services from surveillance

Which problem is this ticket about?
