Opened 3 years ago

Last modified 13 days ago

#18311 new defect

Document first party isolation for Tor researchers

Reported by: arthuredelstein Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: arma Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by arthuredelstein)

Academics researching tor may not be aware that Tor Browser is isolating by URL bar domain (aka first party isolation), as implemented in #3455. We should note this somewhere in the tor documentation so this difference in behavior between default tor and default Tor Browser is not overlooked by researchers. See also #5753

Child Tickets

Change History (5)

comment:1 Changed 3 years ago by nickm

Component: TorTor Browser
Owner: set to tbb-team

comment:2 Changed 3 years ago by arthuredelstein

Description: modified (diff)
Parent ID: #5830#5753

comment:3 Changed 2 weeks ago by arma

Parent ID: #5753

This ticket remains relevant. I still encounter researchers who don't know about this quiet, but huge, change.

(unsetting the parent because trac won't let me add a comment to an open ticket whose parent is closed.)

comment:4 Changed 13 days ago by boklm

Currently it is mentioned in the Tor Browser desgin doc, in 4.5.8:
https://www.torproject.org/projects/torbrowser/design/#identifier-linkability

Is there an other place where this should be documented?

comment:5 Changed 13 days ago by pili

This is going off on a tangent slightly, but it feels like something that should be one of the Tor Browser features that we want to highlight e.g in the Tor Browser download page. I'm thinking of a short headline + brief (2-3 lines) explanation

For a more in depth description, e.g for researchers, developers, etc... this could possibly go somewhere on one of the upcoming dedicated portals

Note: See TracTickets for help on using tickets.