Prevent redirects from transmitting+storing cookies+identifiers
|Reported by:||mikeperry||Owned by:||tbb-team|
|Severity:||Major||Keywords:||tbb-linkability, tbb-testcase, tbb-torbutton|
|Cc:||joyton, gk, michael, arma||Actual Points:|
Description (last modified by mikeperry)
I've been using RequestPolicy for so long I'd not realized that redirects have been getting more and more transparent. In Firefox 4/5, the loading indications are impossible to differentiate between redirects and 3rd party loads.
There does not appear to be any obvious about:config options to enable more prompting either. We may have to dig into the RequestPolicy source to see how they do this.
Redirect notification is important if we're going to try to keep 3rd party cookies disabled (or dual-keyed). If redirects are 100% transparent, there's little point in disabling 3rd party cookies.
NoScript has some options for notifying in the case of JS redirects. We'll probably want to enable those options in TBB, too.
Change History (34)
comment:1 Changed 6 years ago by mikeperry
- Description modified (diff)
- Summary changed from TBB should display redirects for user confirmation to We should get user confirmation for redirects
comment:8 Changed 6 years ago by mikeperry
- Keywords MikePerryIteration20110911 removed
- Points 3 deleted
comment:9 Changed 6 years ago by mikeperry
- Milestone changed from TorBrowserBundle 2.2.x-stable to TorBrowserBundle 2.3.x-stable
comment:10 Changed 5 years ago by mikeperry
- Summary changed from We should get user confirmation for redirects to We should get user confirmation for automated redirect cycles
comment:11 Changed 5 years ago by mikeperry
- Summary changed from We should get user confirmation for automated redirect cycles to Prevent redirects from storing cookies+identifiers
comment:14 Changed 5 years ago by mikeperry
- Summary changed from Prevent redirects from storing cookies+identifiers to Prevent redirects from transmitting+storing cookies+identifiers
comment:24 Changed 3 years ago by erinn
- Component changed from TorBrowserButton to Tor Browser
- Keywords tbb-torbutton added
- Owner changed from mikeperry to tbb-team