Opened 7 months ago

Last modified 7 months ago

#27260 new defect

Audit network.http.spdy.enabled.deps

Reported by: arthuredelstein Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-fingerprinting, tbb-linkability, ff60-esr
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Does leaving this pref to "true" have any fingerprinting or linkability risks?

Child Tickets

Change History (4)

comment:1 Changed 7 months ago by arthuredelstein

Component: - Select a componentApplications/Tor Browser
Owner: set to tbb-team

comment:2 Changed 7 months ago by fixtbb

comment:4 Changed 7 months ago by fixtbb

$%@! Mozilla! They use two (or more?) different ways to access prefs!

Stream Dependencies looks like a QoS for the protocol.
As Tor Browser uses FPI, all http/2 multiplexed streams should go through isolated tor circuit for one first party only. Then, from Privacy Concerns, only timing-based attack is feasible, but unreliable.

Note: See TracTickets for help on using tickets.