Opened 4 months ago

Closed 4 months ago

Last modified 3 months ago

#32466 closed project (worksforme)

! tor users deanonymization !

Reported by: yandex Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: deanonymization
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

My Tor Browser version is 9.0.1

The page https://yandex.ru/internet/ could tack you! It could track your activity! yandex show same IPv4 IPv6 on eache of the opened tabs in Tor Browser!
Even if you launch anothe instance of Tor Browser and torify it throw SocksPort of first one.

F5 - does not works!
Ctrl + R - does not works!
New Identity - does not works!
New Tor Circuit for this site - does not works!

Every Tab on eache of two Tor Browsers show you same IPv4 IPv6.

How it could be?

Matrix has you!

Child Tickets

Change History (5)

comment:1 Changed 4 months ago by arma

Component: Core TorApplications/Tor Browser
Owner: set to tbb-team
Priority: Very HighMedium
Severity: CriticalNormal

I just tried that url, and then did a 'new circuit for this site' request, and its view of me changed.

So, it all looks fine and good to me.

Perhaps you are misunderstanding how Tor Browser's circuit isolation works? It isolates across circuits based on first-party, i.e. the domain in the address bar. So if you have two tabs each going to the same first party, they will share the same circuit.

But then, you say you tried new identity, which will probably change your exit relay. (I say 'probably' because it might change it and then select the same one the next time.) So I am not sure what to guess about what is going wrong for you.

comment:2 Changed 4 months ago by secureyourself

I opened the page mentioned above several times in the Tor Browser (using New Circuit) and in about half the cases it correctly determines my city! Security level: safest, JavaScript is disabled (by NoScript). Can anyone also check this page?

comment:3 Changed 4 months ago by yandex

It was my fault.
I have edit torrc file 2 years ago and forget about the line:

TrackHostExits yastatic.net,yandex.ru,pdd.yandex.ru,pdd.yandex.ru,yandex.st

Now it is ok.

Close the Ticket.

Last edited 4 months ago by yandex (previous) (diff)

comment:4 Changed 4 months ago by pili

Resolution: worksforme
Status: newclosed

Glad to hear you figured it out and it's all working for you now

comment:5 Changed 3 months ago by cypherpunks

no it does not

Note: See TracTickets for help on using tickets.