#32321: https://mitmdetection.services.mozilla.com/ is contacted over catch-all circuit -------------------------------------+------------------------------------- Reporter: gk | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Applications/Tor | Version: Browser | Keywords: tbb-9.0-issues, Severity: Normal | tbb-9.0.1-can, tbb-linkability Actual Points: | Parent ID: Points: | Reviewer: Sponsor: | -------------------------------------+------------------------------------- If one triggers a MitM-warning (e.g. on https://mitm-software.badssl.com/) what seems to be a background request is sent over the catch-all circuit to https://mitmdetection.services.mozilla.com: {{{ [10-25 07:50:12] Torbutton INFO: tor SOCKS: https://mitmdetection.services.mozilla.com/ via --unknown--:3c6a3286392291d7459b9e131ebc8f73 }}} Either we properly do FPI here OR we just omit contacting Mozilla here at all (I think the latter sounds fine).
[https://blog.torproject.org/comment/284916#comment-284916 Reported on our blog]. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32321> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
