Opened 10 months ago

Closed 4 weeks ago

Last modified 4 weeks ago

#24553 closed enhancement (fixed)

Re-enable Alternate Services

Reported by: arthuredelstein Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-linkability, ff60-esr, TorBrowserTeam201808
Cc: mahrud Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Mozilla patched Alternate Services (Alt-Svc) to have first-party isolation:
https://bugzilla.mozilla.org/1334690, effective Firefox 54. We disabled Alt-Svc , but in TBB/ESR59 we can potentially re-enable it.

We also need to examine if there are other related headers or mechanisms that could act as supercookie vectors. (Patrick McManus mentioned alt-used as a possibility.) If there are, then those need to be isolated as well.

Child Tickets

Change History (5)

comment:1 Changed 10 months ago by gk

Keywords: tbb-linkability added
Type: defectenhancement

comment:2 Changed 8 months ago by gk

Keywords: ff60-esr added; ff59-esr removed

Firefox 60 is the new ESR.

comment:3 Changed 3 months ago by mahrud

Cc: mahrud added

Is anybody currently working on this? I'm interested in helping.
Also, these tickets seem relevant: #14952 #15575

comment:4 Changed 4 weeks ago by gk

Resolution: fixed
Status: newclosed

Fixed by commit 36724cc11e94d0dc3094c94f046d76fb5ce44a2b on tor-browser-60.1.0esr-8.0-1.

comment:5 Changed 4 weeks ago by gk

Keywords: TorBrowserTeam201808 added
Note: See TracTickets for help on using tickets.