#30436: Visit duration tracking possible in TorBrowser using a favicon which downloads from a server using a connection that's never closed --------------------------------------+----------------------------------- Reporter: ehsan.akhgari@… | Owner: tbb-team Type: defect | Status: needs_information Priority: Medium | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: --------------------------------------+----------------------------------- Changes (by gk):
* status: new => needs_information * owner: (none) => tbb-team * component: - Select a component => Applications/Tor Browser Comment: So, right now I wonder what we should do here and what the threat is. It does seem to me that this technique is a problem for cross-origin tracking with identifiers which we try to defend with First Party Isolation against. But it does not seem to be a fingerprinting technique either. Moreover, what's the threat here? A malicious first party domain a user is interacting with. What would it gain by measuring the page visit time with that technique? How would it single out me be it either during a particular session of across sessions with _just_ the scenario described in the links in your description (however, I admit this is a neat idea :) ). -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30436#comment:1> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs