Opened 4 years ago

Closed 4 years ago

#19262 closed defect (duplicate)

Clicking inside Tor Browser search box or opening its drop-down causes network activity

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Minor Keywords: fingerprinting, privacy, tracking, search
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:



I have recently noticed that even the simple "offline" activities in TB mentioned above initiate some kind of network traffic. I unfortunately do not know how to see the specific contents of this traffic, but it is definitively there as I have viewed it from the activity of the FoxyProxy Add-On which I am using for a unique use-case. Regardless of the Add-On being outside TBB's scope, I believe that this is an issue that affects all Tor Browser users.

Leaking traffic like this assists with fingerprinting users and improves correlation/timing-style attacks. It is also possible that some kind of tracking cookie or other information is exchanged in this traffic, see #5816.

It would be good to know what is in this traffic, and furthermore, to disable this activity from a simple "offline" focus of the search box. Thank you.

Child Tickets

Change History (2)

comment:1 Changed 4 years ago by cypherpunks

The network traffic you see is most likely a favicon request. Firefox likes to redownload them constantly and all kinds of UI interactions can trigger this. The socks isolation username I have seen for those requests is "--NoFirstPartyHost-chrome-browser.xul--".

No cookies or referrers are sent with those requests, so for popular domains there is likely no issue. For unique domains, it may allow some tracking of your online status.

comment:2 Changed 4 years ago by gk

Parent ID: #5816
Resolution: duplicate
Status: newclosed

This is a duplicate of #16324.

Note: See TracTickets for help on using tickets.