Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2018-08-17 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  closed
 Priority:  Very High                |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:  fixed
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff60-esr,         |
  TorBrowserTeam201808R              |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Thanks for the detailed analysis! Closing this ticket then. Let's file
 follow-up tickets in case we hit something related to HTTP2/AltSvc.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2018-08-16 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  needs_review
 Priority:  Very High                |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff60-esr,         |
  TorBrowserTeam201808R              |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------
Changes (by arthuredelstein):

 * status:  new => needs_review
 * keywords:
 tbb-linkability, tbb-usability-website, tbb-performance, ff60-esr,
 TorBrowserTeam201808
 =>
 tbb-linkability, tbb-usability-website, tbb-performance, ff60-esr,
 TorBrowserTeam201808R


Comment:

 Replying to [comment:44 gk]:

 > 1) Is the disk avoidance requirement respected in case there is some
 > caching going on?

 I took two approaches to try to confirm that HTTP/2 is respecting disk
 avoidance.

 '''1.''' In the first approach, I read through the caching code and
 installed breakpoints using gdb:

 To write to the cache, nsHttpChannel.cpp calls
 mCacheEntry->OpenOutputStream
 https://dxr.mozilla.org/mozilla-esr60/rev/dd52b41d2b775e5c7261ce52795268b7670635fc/netwerk/protocol/http/nsHttpChannel.cpp#5395

 I repeatedly hard-reloaded
 https://commons.wikimedia.org/wiki/Vincent_van_Gogh, and I confirmed this
 code location was hit repeatedly with "network.http.spdy.enabled" and
 "network.http.spdy.enabled.http2" set to `false`, and also with both set
 to `true`. I used the Network Monitor tab to confirm that files were
 loading via HTTP/1.1 GET requests in the first case, and HTTP/2.0 in the
 second.

 This indicates to me what I gathered from reading the code: that both
 HTTP1 and HTTP2 are using the same caching mechanism. So that gives us at
 least some hope that the private browsing policies are the same.

 Then I looked at AltSvc. The AlternateServices.cpp uses DataStorage.cpp
 to store its AltSvcMapping data (the mapping between primary
 scheme/host/port and alternate service scheme/host/port). DataStorage has
 three DataStorageType values:
 * DataStorage_Persistent
 * DataStorage_Temporary
 * DataStorage_Private

 Only the DataStorage_Persistent type is sync'd to disk. So I wanted to
 confirm that DataStorage_Private is being used. So I put a breakpoint
 where AlternateServices.cpp stores a mapping:
 https://dxr.mozilla.org/mozilla-esr60/rev/dd52b41d2b775e5c7261ce52795268b7670635fc/netwerk/protocol/http/AlternateServices.cpp#281
 and then repeatedly visited an AltSvc header demo served at
 https://arthuredelstein.net/altsvc
 I confirmed there that mPrivate was always true, and thus
 DataStorage_Private is used in Tor Browser.


 '''2.''' The second approach was to use parent-process JS to measure the
 cache's disk consumption. I experimented with Firefox and Tor Browser.
 First I entered the following code in the Browser Console:

 {{{
 // Log the number of bytes in the disk cache via the cache2 service.
 let logDiskConsumption = () => Services.cache2.asyncGetDiskConsumption({
   onNetworkCacheDiskConsumption: x => console.log(x),
   QueryInterface: XPCOMUtils.generateQI([
     Ci.nsISupportsWeakReference
   ])
 });
 setInterval(logDiskConsumption, 250);  // poll every 250 ms
 Services.cache2.clear();               // start from an empty cache
 gBrowser.loadURI("https://commons.wikimedia.org/wiki/Vincent_van_Gogh");
 }}}

 This code logs the number of bytes found in the disk cache every 250 ms.

 In Firefox 60.1.0esr, I confirmed that "network.http.spdy.enabled" and
 "network.http.spdy.enabled.http2" were set to `true` by default. Upon
 running the above code, I could see the disk consumption monotonically
 increasing until the wikimedia page was fully loaded. Then the disk
 consumption stopped increasing (and remained constant at 2722816). The
 Network Monitor indicated HTTP/2 was being used.

 In Tor Browser 8.0a9, I manually set "network.http.spdy.enabled" and
 "network.http.spdy.enabled.http2" to true, because they were false by
 default. Then I ran the same code in the Browser Console, and confirmed
 that the total disk consumption remained constant at zero. Again, I used
 the Network Monitor to confirm HTTP/2.0 GET requests were being used.

 (I also checked a Private Browsing Window with Firefox 60.1.0esr and saw
 no disk consumption. And ran the code in Tor Browser with
 "private.firstparty.isolate" set to false, again with no disk
 consumption.)

 From the results of these two approaches, I am persuaded that normal HTTP
 caching, at least for loading web pages and images, is avoi

Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2018-08-16 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  new
 Priority:  Very High                |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff60-esr,         |
  TorBrowserTeam201808               |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------
Changes (by gk):

 * parent:  #25735 =>


Comment:

 #25735 should be fixed with the changes committed in comment:49,
 unparenting.


Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2018-08-15 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  new
 Priority:  Very High                |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff60-esr,         |
  TorBrowserTeam201808               |
Parent ID:  #25735                   |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------
Changes (by gk):

 * status:  needs_review => new
 * keywords:
 tbb-linkability, tbb-usability-website, tbb-performance, ff60-esr,
 TorBrowserTeam201808R
 =>
 tbb-linkability, tbb-usability-website, tbb-performance, ff60-esr,
 TorBrowserTeam201808


Comment:

 Replying to [comment:47 arthuredelstein]:

 [snip]

 > Here's the revised patch for review:
 >
 > https://github.com/arthuredelstein/tor-browser/commit/14952+1

 Looks good. commit 36724cc11e94d0dc3094c94f046d76fb5ce44a2b on
 `tor-browser-60.1.0esr-8.0-1` has the changes.


Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2018-08-15 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  needs_review
 Priority:  Very High                |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff60-esr,         |
  TorBrowserTeam201808R              |
Parent ID:  #25735                   |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------
Changes (by arthuredelstein):

 * status:  needs_revision => needs_review
 * keywords:
 tbb-linkability, tbb-usability-website, tbb-performance, ff60-esr,
 TorBrowserTeam201808
 =>
 tbb-linkability, tbb-usability-website, tbb-performance, ff60-esr,
 TorBrowserTeam201808R


Comment:

 Requesting review for the revised patch, but in the meantime I am also
 still looking into the disk avoidance question.


Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2018-08-15 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  needs_revision
 Priority:  Very High                |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff60-esr,         |
  TorBrowserTeam201808               |
Parent ID:  #25735                   |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------

Comment (by arthuredelstein):

 Replying to [comment:44 gk]:
 > Nice, thanks for the investigation. Some first thoughts while reading
 > through your notes:

 Thanks for the review and these good questions:

 > 1) Is the disk avoidance requirement respected in case there is some
 > caching going on?

 I'm still working on figuring this out and will post here when I have an
 answer.

 > 2) Does New Identity give us a clean slate with HTTP/2 enabled?

 I looked into network connections, which are supposed to be killed as a
 result of torbutton sending a `net:prune-all-connections` notification. I
 followed the code to
 nsHttpConnectionMgr::ClosePersistentConnections(nsConnectionEntry *ent),
 which removes idle nsHttpConnections and causes active nsHttpConnections
 (which represent both HTTP1 and HTTP/2 connections) to immediately
 expire, regardless of whether these nsHttpConnections are HTTP/2
 (mSpdySession) or not. So I think New Identity is correctly stopping
 HTTP/2 connections.

 > 3) I don't see why we want to have server push enabled. Let's try with
 > that disabled first.

 OK, I've opened #27127 to remind us to audit and potentially enable push
 in the future. In the meantime I will set `network.http.spdy.allow-push`
 to false.

 > 4) I am fine leaving possible PING/SETTINGS-related timing side-channels
 > for a different bug for now. If so, please open a new one.

 I opened #27123.

 > 5) I am not overly happy about the different values of some of the prefs
 > you mentioned above depending on being on a desktop/mobile platform we
 > should investigate the impact of shipping the same configuration for both
 > of them. After all, `tbb-fingerprinting-os` bugs are still bugs. I guess
 > this can be done in a new bug as well.

 OK, I have opened #27128.

 Replying to [comment:45 gk]:
 > Oh, and 6): What about `dom.push.http2.*`? Are we getting the code
 > behind those as well and, if so, are we good with it?

 These prefs are used by the Push API implementation. We are not currently
 affected by them, because we have dom.push.enabled set to false and
 dom.serviceWorkers.enabled set to false (both following Firefox 60ESR).
 These will be enabled in the next ESR, however (#15563).

 Here's the revised patch for review:

 https://github.com/arthuredelstein/tor-browser/commit/14952+1


Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2018-08-13 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  needs_revision
 Priority:  Very High                |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff60-esr,         |
  TorBrowserTeam201808               |
Parent ID:  #25735                   |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------
Changes (by dmr):

 * cc: dmr (added)



Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2018-08-13 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  needs_revision
 Priority:  Very High                |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff60-esr,         |
  TorBrowserTeam201808               |
Parent ID:  #25735                   |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------

Comment (by gk):

 Oh, and 6): What about `dom.push.http2.*`? Are we getting the code behind
 those as well and if so, are we good with it?


Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2018-08-13 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  needs_revision
 Priority:  Very High                |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff60-esr,         |
  TorBrowserTeam201808               |
Parent ID:  #25735                   |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------
Changes (by gk):

 * keywords:
 tbb-linkability, tbb-usability-website, tbb-performance, ff60-esr,
 TorBrowserTeam201808R
 =>
 tbb-linkability, tbb-usability-website, tbb-performance, ff60-esr,
 TorBrowserTeam201808
 * status:  needs_review => needs_revision


Comment:

 Nice, thanks for the investigation. Some first thoughts while reading
 through your notes:

 1) Is the disk avoidance requirement respected in case there is some
 caching going on?
 2) Does New Identity give us a clean slate with HTTP/2 enabled?
 3) I don't see why we want to have server push enabled. Let's try with
 that disabled first.
 4) I am fine leaving possible PING/SETTINGS-related timing side-channels
 for a different bug for now. If so, please open a new one.
 5) I am not overly happy about the different values of some of the prefs
 you mentioned above depending on being on a desktop/mobile platform we
 should investigate the impact of shipping the same configuration for both
 of them. After all, `tbb-fingerprinting-os` bugs are still bugs. I guess
 this can be done in a new bug as well.


Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2018-08-10 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  needs_review
 Priority:  Very High                |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff60-esr,         |
  TorBrowserTeam201808R              |
Parent ID:  #25735                   |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------
Changes (by arthuredelstein):

 * keywords:
 tbb-linkability, tbb-usability-website, tbb-performance, ff60-esr,
 TorBrowserTeam201808
 =>
 tbb-linkability, tbb-usability-website, tbb-performance, ff60-esr,
 TorBrowserTeam201808R
 * status:  assigned => needs_review


Comment:

 To audit the HTTP2 implementation, I read through the code in:
 * nsHttpConnectionManager.h/.cpp
 * ASpdySession.h/.cpp
 * Http2Push.h/.cpp
 * Http2Session.h/.cpp
 * Http2Stream.h/.cpp

 I didn't find any obvious instances where cross-first-party state might be
 leaked to content. I did note a number of places in the code where Origin
 Attributes are used to isolate by first-party or container ID:

 == HTTP/2 ==

 Each HTTP2 connection is specified by an nsConnectionEntry, which is
 assigned a single nsHttpConnectionInfo object. nsHttpTransaction is also
 assigned an nsHttpConnectionInfo object.

 * nsHttpConnectionInfo hashes use OriginAttributes:
  https://dxr.mozilla.org/mozilla-esr60/rev/dd52b41d2b775e5c7261ce52795268b7670635fc/netwerk/protocol/http/nsHttpConnectionInfo.cpp#115

 * HTTP2Stream shares origin attributes with the socket transport:
  https://dxr.mozilla.org/mozilla-esr60/rev/dd52b41d2b775e5c7261ce52795268b7670635fc/netwerk/protocol/http/Http2Stream.cpp#1684

 Stateful HTTP/2 features need to be isolated by first party as well.

 * BuildOriginFrameHashKey uses OriginAttributes:
  https://dxr.mozilla.org/mozilla-esr60/rev/dd52b41d2b775e5c7261ce52795268b7670635fc/netwerk/protocol/http/nsHttpConnectionMgr.cpp#743
  (Note that OriginFrames are disabled when Firefox uses a proxy.)

 * Coalescing Origins:
  mCoalescingKeys.AppendElement uses OriginAttributes
  https://dxr.mozilla.org/mozilla-esr60/rev/dd52b41d2b775e5c7261ce52795268b7670635fc/netwerk/protocol/http/nsHttpConnectionMgr.cpp#5097

 * Push Stream hashes use OriginAttributes:
  https://dxr.mozilla.org/mozilla-esr60/rev/dd52b41d2b775e5c7261ce52795268b7670635fc/netwerk/protocol/http/Http2Stream.cpp#368

 I also confirmed the file cache is isolated

 * CacheFileUtils::AppendKeyPrefix uses Origin Attributes:
  https://dxr.mozilla.org/mozilla-esr60/rev/dd52b41d2b775e5c7261ce52795268b7670635fc/netwerk/cache2/CacheFileUtils.cpp#203

 == AltSvc ==

 I also wanted to check that AltSvc will be isolated by first party. I
 confirmed that Alternate Service hashes use OriginAttributes:
  https://dxr.mozilla.org/mozilla-esr60/rev/dd52b41d2b775e5c7261ce52795268b7670635fc/netwerk/protocol/http/AlternateServices.cpp#221

 == Passive Fingerprinting ==

 Both documents above (linked to in comment:30 and comment:32) raise the
 possibility of passive fingerprinting via HTTP/2 Settings parameters.
 Here's what I found:

 * SETTINGS_HEADER_TABLE_SIZE depends on the
 "network.http.spdy.default-hpack-buffer" pref. In Firefox it is set by
 default to 65536 on desktop and 4096 on mobile.
 * SETTINGS_ENABLE_PUSH and SETTINGS_MAX_CONCURRENT_STREAMS depend on
 "network.http.spdy.allow-push" pref, which is "true" by default.
 * SETTINGS_INITIAL_WINDOW_SIZE depends on
 "network.http.spdy.push-allowance", which is 131072 on desktop and 32768
 on mobile by default.
 * SETTINGS_MAX_FRAME_SIZE is always set to 0x4000.

 The above prefs don't provide significant entropy, unless the user has
 modified one or more of them from their default value. Otherwise they
 mainly serve to distinguish different browsers or platforms.

 PING or SETTINGS updates timing side-channels are something I am not
 addressing here. I think they could do with further investigation.

 == Results and patch ==

 The isolation of state to origin attributes looks well done to me in
 Firefox 60ESR's implementation of HTTP2. That said, the code is highly
 complex so it would be impossible to say I haven't missed any leaks of
 state to content or fingerprinting attacks. It would be good to have
 https://bugzilla.mozilla.org/show_bug.cgi?id=1337868 implemented by the
 Tor uplift team if possible.

 Over the long term, I would suggest that we should
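
The SETTINGS values listed in the "Passive Fingerprinting" section above can be checked against a build's own traffic. The following is an added example, not code from the ticket or from Firefox: it parses an HTTP/2 SETTINGS frame (RFC 7540 layout) and reports which of the quoted defaults it deviates from. The sample frames are constructed, the function and profile names are hypothetical, and it assumes the client sends each audited parameter explicitly.

```javascript
'use strict';

// SETTINGS identifiers from RFC 7540, section 6.5.2.
const SETTINGS_NAMES = {
  0x1: 'SETTINGS_HEADER_TABLE_SIZE',
  0x2: 'SETTINGS_ENABLE_PUSH',
  0x3: 'SETTINGS_MAX_CONCURRENT_STREAMS',
  0x4: 'SETTINGS_INITIAL_WINDOW_SIZE',
  0x5: 'SETTINGS_MAX_FRAME_SIZE',
  0x6: 'SETTINGS_MAX_HEADER_LIST_SIZE',
};

// Default values quoted in the comment above for Firefox 60 ESR.
const PROFILES = {
  desktop: {
    SETTINGS_HEADER_TABLE_SIZE: 65536,
    SETTINGS_INITIAL_WINDOW_SIZE: 131072,
    SETTINGS_MAX_FRAME_SIZE: 0x4000,
  },
  mobile: {
    SETTINGS_HEADER_TABLE_SIZE: 4096,
    SETTINGS_INITIAL_WINDOW_SIZE: 32768,
    SETTINGS_MAX_FRAME_SIZE: 0x4000,
  },
};

// Build a SETTINGS frame from [identifier, value] pairs (for constructed samples).
function buildSettingsFrame(pairs) {
  const frame = Buffer.alloc(9 + 6 * pairs.length);
  frame.writeUIntBE(6 * pairs.length, 0, 3); // 24-bit payload length
  frame.writeUInt8(0x4, 3);                  // frame type SETTINGS
  // flags (offset 4) and stream identifier (offsets 5..8) stay zero
  pairs.forEach(([id, value], i) => {
    frame.writeUInt16BE(id, 9 + 6 * i);
    frame.writeUInt32BE(value, 11 + 6 * i);
  });
  return frame;
}

// Parse one SETTINGS frame, enforcing the framing rules of RFC 7540 section 6.5.
function parseSettingsFrame(buf) {
  if (buf.length < 9) throw new Error('truncated frame header');
  const length = buf.readUIntBE(0, 3);
  const type = buf.readUInt8(3);
  const ack = (buf.readUInt8(4) & 0x1) !== 0;
  const streamId = buf.readUInt32BE(5) & 0x7fffffff; // drop the reserved bit
  if (type !== 0x4) throw new Error('not a SETTINGS frame');
  if (streamId !== 0) throw new Error('SETTINGS must use stream 0');
  if (ack && length !== 0) throw new Error('SETTINGS ACK must be empty');
  if (length % 6 !== 0) throw new Error('payload is not a multiple of 6 bytes');
  if (buf.length < 9 + length) throw new Error('truncated payload');
  const settings = {};
  for (let off = 9; off < 9 + length; off += 6) {
    const id = buf.readUInt16BE(off);
    const name = SETTINGS_NAMES[id] || 'UNKNOWN_0x' + id.toString(16);
    settings[name] = buf.readUInt32BE(off + 2); // a repeated identifier overwrites
  }
  return { ack, settings };
}

// Compare parsed settings with each profile; report the closest one and
// every audited parameter that differs from it.
function auditSettings(settings) {
  let best = null;
  for (const [profile, expected] of Object.entries(PROFILES)) {
    const deviations = [];
    for (const [name, want] of Object.entries(expected)) {
      if (settings[name] !== want) {
        deviations.push({ name, expected: want, actual: settings[name] });
      }
    }
    if (best === null || deviations.length < best.deviations.length) {
      best = { closest: profile, deviations };
    }
  }
  return { matched: best.deviations.length === 0 ? best.closest : null, ...best };
}

// Constructed samples: the two default profiles, and a desktop profile whose
// header table size was changed by the user.
const DESKTOP_SAMPLE = buildSettingsFrame([[0x1, 65536], [0x2, 0], [0x4, 131072], [0x5, 0x4000]]);
const MOBILE_SAMPLE = buildSettingsFrame([[0x1, 4096], [0x2, 0], [0x4, 32768], [0x5, 0x4000]]);
const MODIFIED_SAMPLE = buildSettingsFrame([[0x1, 8192], [0x2, 0], [0x4, 131072], [0x5, 0x4000]]);

console.log(auditSettings(parseSettingsFrame(MODIFIED_SAMPLE).settings));
```

A `matched` value of `null` means the frame differs from both default profiles, which is the case the comment describes as adding entropy.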

Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2018-07-05 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  assigned
 Priority:  Very High                |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff60-esr,         |
  TorBrowserTeam201807               |
Parent ID:  #25735                   |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------
Changes (by gk):

 * parent:   => #25735



Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2018-07-02 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  assigned
 Priority:  Very High                |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff60-esr,         |
  TorBrowserTeam201806               |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------
Changes (by mahrud):

 * cc: mahrud (added)



Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2018-05-30 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  assigned
 Priority:  Very High                |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff60-esr,         |
  TorBrowserTeam201805               |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------
Changes (by gk):

 * priority:  High => Very High



Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2018-05-08 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  assigned
 Priority:  High                     |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff60-esr,         |
  TorBrowserTeam201805               |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------
Changes (by gk):

 * keywords:  tbb-linkability, tbb-usability-website, tbb-performance,
 ff60-esr =>
 tbb-linkability, tbb-usability-website, tbb-performance, ff60-esr,
 TorBrowserTeam201805



Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2018-04-15 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  assigned
 Priority:  High                     |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff60-esr          |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------

Comment (by gk):

 We have first sites that basically break without having HTTP/2 enabled,
 see #25735.


Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2018-03-27 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  assigned
 Priority:  High                     |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff60-esr          |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------

Comment (by sysrqb):

 Replying to [comment:33 cypherpunks]:
 > FWIW according to w3techs
 > [https://w3techs.com/technologies/details/ce-http2/all/all HTTP/2 is
 > used by 24.5% of all the websites].

 Yes, this is on the roadmap, we should be looking at this real-soon-now.
 Thanks!


Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2018-03-27 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  assigned
 Priority:  High                     |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff60-esr          |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------

Comment (by cypherpunks):

 FWIW according to w3techs
 [https://w3techs.com/technologies/details/ce-http2/all/all HTTP/2 is
 used by 24.5% of all the websites].


Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2018-01-29 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  assigned
 Priority:  High                     |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff60-esr          |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------

Comment (by arthuredelstein):

 And this document:
 https://gitweb.torproject.org/tor-browser-spec.git/plain/position-papers/HTTP3/HTTP3.pdf


Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2017-12-27 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  assigned
 Priority:  High                     |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff59-esr          |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------

Comment (by arthuredelstein):

 This document on H2 fingerprinting also seems very relevant:
 https://www.blackhat.com/docs/eu-17/materials/eu-17-Shuster-Passive-Fingerprinting-Of-HTTP2-Clients-wp.pdf


Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2017-12-12 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  assigned
 Priority:  High                     |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff59-esr          |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------

Comment (by arthuredelstein):

 Patrick McManus suggested we check if origin frames are properly isolated.
 Firefox has a pref to disable them if needed.

 https://tools.ietf.org/html/draft-ietf-httpbis-origin-frame-04


Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2017-12-07 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  assigned
 Priority:  High                     |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff59-esr          |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------
Changes (by cypherpunks):

 * keywords:  tbb-linkability, tbb-usability-website, tbb-performance,
 ff-59esr => tbb-linkability, tbb-usability-website, tbb-performance,
 ff59-esr



Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2017-12-07 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  assigned
 Priority:  High                     |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance, ff-59esr          |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------
Changes (by arthuredelstein):

 * keywords:  tbb-linkability, tbb-usability-website, tbb-performance =>
 tbb-linkability, tbb-usability-website, tbb-performance, ff-59esr



Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2017-12-07 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  assigned
 Priority:  High                     |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance                    |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------

Comment (by arthuredelstein):

 Here's a bug that was resolved for Firefox 55:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1334693
 So it looks like a lot of work has been done already.

 There's also a bug suggesting some unit tests should be written:
 https://bugzilla.mozilla.org/show_bug.cgi?id=1337868


Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2017-12-07 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-------------------------------------+--------------------------
 Reporter:  gk                       |          Owner:  tbb-team
     Type:  task                     |         Status:  assigned
 Priority:  High                     |      Milestone:
Component:  Applications/Tor Browser |        Version:
 Severity:  Normal                   |     Resolution:
 Keywords:  tbb-linkability,         |  Actual Points:
  tbb-usability-website,             |
  tbb-performance                    |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+--------------------------

Comment (by arthuredelstein):

 Mozilla decided not to backport their patches for first-party isolation of
 AltSvc,
 https://bugzilla.mozilla.org/1334690#c16,
 so we would need to do so for TBB/ESR52,
 https://bugzilla.mozilla.org/show_bug.cgi?id=1334690#c16

 We also need to examine if there are other HTTP/2 headers or mechanisms
 that could act as supercookie vectors. (Patrick McManus mentioned alt-used
 as a possibility.) If there are, then those need to be isolated as well.

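The isolation requirement in the comment above can be stated as a check on how an Alt-Svc mapping cache is keyed. This is an added illustration, not code from the ticket, Firefox or Tor Browser; the class, its methods and the example hosts are hypothetical.

```javascript
// Toy model of an Alt-Svc mapping cache (hypothetical names, constructed inputs).
class AltSvcCache {
  // isolate=false: key by origin only, so one mapping is shared by every first party.
  // isolate=true:  key by (first-party domain, origin), as first-party isolation requires.
  constructor(isolate) {
    this.isolate = isolate;
    this.map = new Map();
  }

  key(firstParty, origin) {
    return this.isolate ? `${firstParty}|${origin}` : origin;
  }

  // Record an Alt-Svc header value seen for `origin` while `firstParty` is the URL-bar domain.
  // Returns true if the value was understood, false otherwise.
  learn(firstParty, origin, headerValue, nowSec) {
    const k = this.key(firstParty, origin);
    if (headerValue.trim() === "clear") {        // "clear" invalidates the stored mapping
      this.map.delete(k);
      return true;
    }
    const m = /^\s*([A-Za-z0-9-]+)="([^"]*)"(?:\s*;\s*ma=(\d+))?/.exec(headerValue);
    if (!m) return false;
    const maxAge = m[3] === undefined ? 86400 : Number(m[3]); // RFC 7838 default: 24 hours
    this.map.set(k, { protocol: m[1], authority: m[2], expires: nowSec + maxAge });
    return true;
  }

  // Return the cached alternative authority, or null if none is stored and still fresh.
  lookup(firstParty, origin, nowSec) {
    const k = this.key(firstParty, origin);
    const entry = this.map.get(k);
    if (!entry) return null;
    if (nowSec >= entry.expires) {
      this.map.delete(k);
      return null;
    }
    return entry.authority;
  }
}

// Isolation check: is state learned under one first party visible under another?
function leaksAcrossFirstParties(cache) {
  const origin = "https://cdn.example:443";      // constructed third-party origin
  cache.learn("site-a.example", origin, 'h2="alt1.cdn.example:443"; ma=3600', 0);
  return cache.lookup("site-b.example", origin, 10) !== null;
}
```

The same shape of check applies to any other per-origin state under audit: learn it under one first party, then require that a lookup under a different first party returns nothing.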

Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2017-12-06 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  assigned
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-linkability, tbb-usability-  |  Actual Points:
  website, tbb-performance   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by arthuredelstein):

 * keywords:  tbb-linkability, tbb-usability-website => tbb-linkability,
 tbb-usability-website, tbb-performance
 * cc: arthuredelstein (added)


Comment:

 I wondered what the performance effects of SPDY/HTTP2 are. As a simple
 test, I used the network panel in Tor Browser to compare the loading speed
 of https://en.wikipedia.org/wiki/Main_Page. Here are the page loading
 times, in seconds:

 {{{
 network.http.spdy.enabled = false
 8.36, 7.21, 7.16, 6.47, 9.39, 7.19, 7.10, 7.05,
 7.21, 7.03, 8.58, 9.41, 7.03, 6.93, 6.81, 7.40
 Average: 7.52 ± 0.90 s

 network.http.spdy.enabled = true (also, sub-prefs enabled)
 4.67, 5.18, 4.81, 4.56, 5.03, 4.62, 5.21, 4.95,
 4.67, 4.69, 5.04, 4.73, 4.86, 4.71, 4.60, 4.82
 Average: 4.82 ± 0.21 s
 }}}

 So, at least on this page, Tor Browser would benefit from re-enabled
 HTTP2/SPDY (unsurprisingly).


Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2017-01-19 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  assigned
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-linkability, tbb-usability-  |  Actual Points:
  website|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * cc: gk (added)



Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed

2017-01-19 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:
 |  assigned
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-linkability, tbb-usability-  |  Actual Points:
  website|
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:   => tbb-linkability, tbb-usability-website
 * owner:  mikeperry => tbb-team


Comment:

 Keep #16673 in mind.


Re: [tor-bugs] #14952 [Applications/Tor Browser]: Audit HTTP/2 and SPDY if needed (was: Audit HTTP/2)

2016-09-13 Thread Tor Bug Tracker & Wiki
#14952: Audit HTTP/2 and SPDY if needed
--+---
 Reporter:  gk|  Owner:  mikeperry
 Type:  task  | Status:  assigned
 Priority:  High  |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+---
