subject:"\[tor\-bugs\] #21905 \[Applications\/Tor Browser\]\: Allow third\-party cookies as we are isolating them to the first party in ESR52"

Re: [tor-bugs] #21905 [Applications/Tor Browser]: Allow third-party cookies as we are isolating them to the first party in ESR52

2017-08-24 Thread Tor Bug Tracker & Wiki

#21905: Allow third-party cookies as we are isolating them to the first party in
ESR52
-+--
 Reporter:  gk   |  Owner:  tbb-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability-website, ff52-esr  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by pastly):

 pastly said more things on IRC.

 {{{
 [18:08:23]  Some guy that was really really sure of himself kept
 asserting that '3rd party' cookies aren't always third party or could
 somehow still be sent depending on special flags in a JavaScript request
 function. Idk. I made a PoC and tested with FF, Chrome, and TB. But think
 found that JS func and gave up trying to figure out if I was right or if
 he
 was right.
 [18:08:47]  s/But think found/but then I found/
 [18:09:40] 
 https://developer.mozilla.org/en-
 US/docs/Web/API/XMLHttpRequest/withCredent
 ials
 [18:10:08]  I guess it allows 3rd party cookies to be sent as long
 as the sites are colluding with Access-Control-Allow-Origin
 [18:11:00]  I would guess that an ad site might ask the browser
 to request the first party site in such a way that passes information such
 that the first party deposits a cookie that contains information from the
 ad site.
 [18:11:28]  is that what ACAO does?
 [18:11:41]  Dunno. I stopped thinking about it. :p
 }}}

 This may not be new to you smart browser people.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21905 [Applications/Tor Browser]: Allow third-party cookies as we are isolating them to the first party in ESR52

2017-07-11 Thread Tor Bug Tracker & Wiki

#21905: Allow third-party cookies as we are isolating them to the first party in
ESR52
-+--
 Reporter:  gk   |  Owner:  tbb-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability-website, ff52-esr  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by gk):

 * cc: pastly (added)


Comment:

 pastly mentioned on IRC that Tor Browser does not protect against
 https://robinlinus.github.io/socialmedia-leak/ if we allow third-party
 cookies. But I think it should if third-party cookies are really the means
 to track users across origins. We need to investigate that more thoroughly
 before flipping the switch.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21905 [Applications/Tor Browser]: Allow third-party cookies as we are isolating them to the first party in ESR52

2017-06-05 Thread Tor Bug Tracker & Wiki

#21905: Allow third-party cookies as we are isolating them to the first party in
ESR52
-+--
 Reporter:  gk   |  Owner:  tbb-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability-website, ff52-esr  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by gk):

 I was tempted to move this into our first 7.5 alpha build but it seems to
 me we might want to have some easy way to inspect the cookie isolation. Or
 do we have that already and I am just not aware of that? The browser UI is
 still broken it seems (see: #10353).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21905 [Applications/Tor Browser]: Allow third-party cookies as we are isolating them to the first party in ESR52

2017-05-08 Thread Tor Bug Tracker & Wiki

#21905: Allow third-party cookies as we are isolating them to the first party in
ESR52
-+--
 Reporter:  gk   |  Owner:  tbb-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability-website, ff52-esr  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by cypherpunks):

 As ip-check.info states, this is equal to #21756 in tracking aspect. So,
 no problem to enable it.
 Also torbutton requires some clean up, as it still uses
 `privacy.thirdparty.isolate`, resulting in:
 {{{
 15:25:20.836 NS_ERROR_UNEXPECTED: Component returned failure code:
 0x8000 (NS_ERROR_UNEXPECTED) [nsIPrefBranch.getIntPref] 1
 torbutton.js:155
 torbutton_unique_pref_observer.observe
 chrome://torbutton/content/torbutton.js:155:40
 set_valueFromPreferences
 chrome://global/content/bindings/preferences.xml:364:13
 _setValue chrome://global/content/bindings/preferences.xml:191:15
 set_value chrome://global/content/bindings/preferences.xml:198:8
 userChangedValue
 chrome://global/content/bindings/preferences.xml:1281:15
 onxblcommand
 chrome://global/content/bindings/preferences.xml:1315:9
 }}}
 from
 {{{
 switch (data) {
 case "network.cookie.cookieBehavior":
 var val =
 m_tb_prefs.getIntPref("network.cookie.cookieBehavior");
 var block_thirdparty =
 m_tb_prefs.getIntPref("privacy.thirdparty.isolate") !== 0;
 if (val == 0 && block_thirdparty) // Allow all cookies
   m_tb_prefs.setIntPref("privacy.thirdparty.isolate", 0);
 else if (val == 1 && !block_thirdparty) // Block third
 party cookies
   m_tb_prefs.setIntPref("privacy.thirdparty.isolate", 2);
 break;
 case "privacy.thirdparty.isolate":
 torbutton_update_thirdparty_prefs();
 break;
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21905 [Applications/Tor Browser]: Allow third-party cookies as we are isolating them to the first party in ESR52

2017-04-16 Thread Tor Bug Tracker & Wiki

#21905: Allow third-party cookies as we are isolating them to the first party in
ESR52
-+--
 Reporter:  gk   |  Owner:  tbb-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability-website, ff52-esr  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--
Changes (by arthuredelstein):

 * cc: arthuredelstein@… (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21905 [Applications/Tor Browser]: Allow third-party cookies as we are isolating them to the first party in ESR52

2017-04-10 Thread Tor Bug Tracker & Wiki

#21905: Allow third-party cookies as we are isolating them to the first party in
ESR52
-+--
 Reporter:  gk   |  Owner:  tbb-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-usability-website, ff52-esr  |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by cypherpunks):

 tbb-nightly: TBB throws an error in error console when you switch "3rd-
 party cookies" in Options on Windows.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #21905 [Applications/Tor Browser]: Allow third-party cookies as we are isolating them to the first party in ESR52

2017-04-10 Thread Tor Bug Tracker & Wiki

#21905: Allow third-party cookies as we are isolating them to the first party in
ESR52
-+-
 Reporter:  gk   |  Owner:  tbb-team
 Type:  enhancement  | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  tbb-usability-website,
 Severity:  Normal   |  ff52-esr
Actual Points:   |  Parent ID:
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 Now that 3rd-party cookies get isolated as well we should relax our cookie
 handling and allow 3rd-party cookies again.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21905 [Applications/Tor Browser]: Allow third-party cookies as we are isolating them to the first party in ESR52

Re: [tor-bugs] #21905 [Applications/Tor Browser]: Allow third-party cookies as we are isolating them to the first party in ESR52

Re: [tor-bugs] #21905 [Applications/Tor Browser]: Allow third-party cookies as we are isolating them to the first party in ESR52

Re: [tor-bugs] #21905 [Applications/Tor Browser]: Allow third-party cookies as we are isolating them to the first party in ESR52

Re: [tor-bugs] #21905 [Applications/Tor Browser]: Allow third-party cookies as we are isolating them to the first party in ESR52

Re: [tor-bugs] #21905 [Applications/Tor Browser]: Allow third-party cookies as we are isolating them to the first party in ESR52

[tor-bugs] #21905 [Applications/Tor Browser]: Allow third-party cookies as we are isolating them to the first party in ESR52

7 matches

Site Navigation

Mail list logo

Footer information