Opened 12 months ago

#32151 new defect

Investigate RemoteSettings requests params and try to reduce info leaked about local state

Reported by: acat Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-linkability
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:



One concern is that the different parameters (etag, timestamps...) might be leaking enough info about the user state that it allows linking together requests done over time as belonging to the same user. In principle, the request parameters depend on the values returned in previous responses, and these seem not to change very often. I did not do a deep analysis, but I feel like we would not lose too much by doing the same requests without parameters (as if there was no previous state in the browser). I don't see the responses being so big, nor the requests done so often.

Child Tickets

Change History (0)

Note: See TracTickets for help on using tickets.