Re: [tor-bugs] #18589 [Applications/Tor Browser]: Tor browser writes SiteSecurityServiceState.txt with usage history

2019-02-05 Thread Tor Bug Tracker & Wiki
#18589: Tor browser writes SiteSecurityServiceState.txt with usage history
--------------------------------------+--------------------------
 Reporter:  cypherpunks               |          Owner:  tbb-team
     Type:  defect                    |         Status:  assigned
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Major                     |     Resolution:
 Keywords:  tbb-disk-leak             |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by arma):

 irc discussion clarifying what remains on this ticket:
 {{{
 > so maybe #18589 is finished, since it's only the internal chrome stuff
 that gets recorded? so long as this is a result of an active configuration
 choice made by tor browser, and not a coincidence that will get reverted
 later by accident?
  yes, that could be the case. however, there might be timestamps
 stored that give hints on when the update checks happened
  so, there are still trade-offs here
  and someone needs to track down what actually happens
  and whether that's okay in all (corner)-cases
  then we can make a decision of either fixing the bug or closing it
 as won't fix and adjust our design doc
 }}}

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #18589 [Applications/Tor Browser]: Tor browser writes SiteSecurityServiceState.txt with usage history

2018-05-15 Thread Tor Bug Tracker & Wiki

Comment (by gk):

 Replying to [comment:16 bloginfo]:
 > You can disable this history, by giving the false value to the
 [https://www.dsfc.net/logiciel-libre/firefox-logiciel-libre/collecte-sites-tls-firefox/#Desactiver_la_collecte_des_sites_dans_le_fichier_SiteSecurityServiceStatetxt network.stricttransportsecurity.preloadlist]
 key in !about:config.

 Well, it seems you disable at least part of the strict security feature
 that way, but that's what we do not want to do. We only want to avoid
 writing the usage history to disk.


Re: [tor-bugs] #18589 [Applications/Tor Browser]: Tor browser writes SiteSecurityServiceState.txt with usage history

2018-05-11 Thread Tor Bug Tracker & Wiki

Comment (by bloginfo):

 You can disable this history, by giving the false value to the
 [https://www.dsfc.net/logiciel-libre/firefox-logiciel-libre/collecte-sites-tls-firefox/#Desactiver_la_collecte_des_sites_dans_le_fichier_SiteSecurityServiceStatetxt network.stricttransportsecurity.preloadlist]
 key in !about:config.


Re: [tor-bugs] #18589 [Applications/Tor Browser]: Tor browser writes SiteSecurityServiceState.txt with usage history

2017-04-03 Thread Tor Bug Tracker & Wiki

Comment (by cypherpunks):

 Tor Browser does that only for requests from its parts that are not in
 Private Browsing. See #20491.


Re: [tor-bugs] #18589 [Applications/Tor Browser]: Tor browser writes SiteSecurityServiceState.txt with usage history

2017-04-03 Thread Tor Bug Tracker & Wiki

Comment (by gacar):

 Replying to [comment:13 gk]:

 > Interesting. Does the same happen with a vanilla Firefox 45.8.0esr? How
 did you test that?

 No, Firefox 45.8.0esr stores the HSTS and HPKP pins from all sites.

 I start with a fresh profile, visit HSTS/HPKP-enabled sites such as
 github.com, ssllabs.com and metrics.torproject.org. Then I close the
 browser and check the SiteSecurityServiceState.txt contents.

 Vanilla ESR stores GitHub, ssllabs and metrics.torproject.org HSTS (and
 HPKP where available) pins, whereas TB only stores entries related to
 torproject.org.

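The check described in the comment above (inspect SiteSecurityServiceState.txt after closing the browser and see which hosts were recorded), as an added example that is not part of the original message or of Tor Browser's code. It assumes the tab-separated layout written by Firefox's DataStorage (key, score, last-accessed day counted from 1970-01-01, value); the sample lines are constructed and `allowed_suffixes` is a hypothetical allow-list. The last-accessed field is the kind of stored timestamp the 2019 IRC excerpt refers to.

```python
from datetime import date, timedelta

# Constructed sample lines in the assumed layout:
#   key <TAB> score <TAB> last-accessed day (days since 1970-01-01) <TAB> value
SAMPLE = (
    "aus1.example.org:HSTS\t0\t17252\t1521504000000,1,1\n"
    "www.example.org:HSTS\t3\t17252\t1521504000000,1,0\n"
    "visited.example.com:HSTS\t0\t17253\t1521590400000,1,1\n"
    "visited.example.com:HPKP\t0\t17253\t1521590400000,1,0,CONSTRUCTED=\n"
    "truncated line without tabs\n"
)
EPOCH = date(1970, 1, 1)


def parse_state(text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 4:
            continue
        key, _score, last_day, _value = parts
        host, sep, kind = key.rpartition(":")
        if not sep:
            continue
        try:
            last_accessed = EPOCH + timedelta(days=int(last_day))
        except (ValueError, OverflowError):
            continue
        # Tolerate a "^origin-attributes" suffix on the host if one is present.
        host = host.split("^", 1)[0].lower()
        entries.append({"host": host, "type": kind,
                        "last_accessed": last_accessed})
    return entries


def unexpected(entries, allowed_suffixes):
    """Entries whose host is neither an allowed domain nor a subdomain of one."""
    def allowed(host):
        return any(host == s or host.endswith("." + s) for s in allowed_suffixes)
    return [e for e in entries if not allowed(e["host"])]


if __name__ == "__main__":
    for e in unexpected(parse_state(SAMPLE), ["example.org"]):
        print(e["host"], e["type"], "last accessed", e["last_accessed"])
```

Run against a copy of the profile's file with the browser closed, anything returned by `unexpected` is a host whose visit was persisted to disk, together with the day it was last seen.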

Re: [tor-bugs] #18589 [Applications/Tor Browser]: Tor browser writes SiteSecurityServiceState.txt with usage history

2017-03-28 Thread Tor Bug Tracker & Wiki

Comment (by gk):

 Replying to [comment:12 gacar]:
 > PS: I should also note that I couldn't completely reproduce the problem
 with 6.5.1 and 7.0a2 on Linux 64. Although I visited several sites that
 send HSTS headers, only a few TPO and AMO-related domains
 (aus1.torproject.org, www.torproject.org, aus1.torproject.org) were added to
 the SiteSecurityServiceState.txt (something to do with the chrome vs
 content connections?).

 Interesting. Does the same happen with a vanilla Firefox 45.8.0esr? How
 did you test that?


Re: [tor-bugs] #18589 [Applications/Tor Browser]: Tor browser writes SiteSecurityServiceState.txt with usage history

2017-03-27 Thread Tor Bug Tracker & Wiki

Comment (by gacar):

 Although the number of preloaded STS sites is small, popular STS sites are
 more likely to be included in the preload list:

 || '''Site rank''' || '''# of preloaded STS sites / # of STS enabled sites''' ||
 || Top 10 || 33% ||
 || Top 100 || 24% ||
 || Top 1K || 16.5% ||
 || Top 10K || 12.5% ||
 || Top 100K || 8.5% ||
 || Top 1M || 4.7% (1883/39408) ||

 Anyways, I think the privacy risk of revealing browsing history still
 outweighs the potential security benefits.

 PS: I should also note that I couldn't completely reproduce the problem
 with 6.5.1 and 7.0a2 on Linux 64. Although I visited several sites that
 send HSTS headers, only a few TPO and AMO-related domains
 (aus1.torproject.org, www.torproject.org, aus1.torproject.org) were added to
 the SiteSecurityServiceState.txt (something to do with the chrome vs
 content connections?).


Re: [tor-bugs] #18589 [Applications/Tor Browser]: Tor browser writes SiteSecurityServiceState.txt with usage history

2017-03-27 Thread Tor Bug Tracker & Wiki

Comment (by gacar):

 Replying to [comment:10 gk]:
 > We might want to look at the amount of sites that provide HSTS/HPKP
 headers while not being on the preload list. If the amount of those sites
 is small (or if the amount of those sites in the top 1,000,000 sites is
 small?) we might want to think about clearing the state after a session as
 well.


 I compared the preloaded STS sites on mozilla-central [0] to top 1 million
 sites that send STS headers [1].

 There were:
 * 18317 preload sites
 * 39408 sites that send STS headers in top million

 Only 1883 of the 39408 STS sites were found in the preloaded list. I took
 `include_subdomains` into consideration when matching the domains in the two
 lists.

 [0]: https://hg.mozilla.org/mozilla-central/file/tip/security/manager/ssl/nsSTSPreloadList.inc
 [1]: https://scans.io/study/scott-top-one-million (version: 14/3/2017)

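The matching step described in the comment above, as an added example that is not the commenter's script: a site counts as preloaded if it is listed exactly, or if one of its parent domains is listed with `include_subdomains` set. The hosts and flags below are constructed sample data, not entries from nsSTSPreloadList.inc or the scans.io study, and the function names are hypothetical.

```python
# Constructed preload list: host -> include_subdomains flag.
PRELOAD = {
    "example.com": True,
    "example.org": False,
    "pinned.example.net": True,
}
# Constructed list of sites observed sending an STS header.
STS_SITES = [
    "example.com",           # exact match
    "www.example.com",       # covered by parent with include_subdomains
    "metrics.example.org",   # parent listed, but without include_subdomains
    "a.pinned.example.net",  # covered by parent with include_subdomains
    "example.net",           # only a child is listed; the parent is not covered
    "notexample.com",        # shares a string suffix, but is a different domain
]


def normalize(host):
    return host.strip().rstrip(".").lower()


def is_preloaded(host, preload):
    """True if host is listed, or a parent is listed with include_subdomains."""
    host = normalize(host)
    if host in preload:
        return True
    labels = host.split(".")
    # Walk up label by label (a.b.c -> b.c -> c) so that matching happens on
    # whole domain labels and never on a raw string suffix.
    for i in range(1, len(labels)):
        if preload.get(".".join(labels[i:]), False):
            return True
    return False


def coverage(sts_sites, preload):
    """Return (covered, uncovered, fraction of STS sites that are preloaded)."""
    preload = {normalize(h): bool(flag) for h, flag in preload.items()}
    covered = [s for s in sts_sites if is_preloaded(s, preload)]
    uncovered = [s for s in sts_sites if not is_preloaded(s, preload)]
    fraction = len(covered) / len(sts_sites) if sts_sites else 0.0
    return covered, uncovered, fraction


if __name__ == "__main__":
    covered, uncovered, fraction = coverage(STS_SITES, PRELOAD)
    print(f"{len(covered)}/{len(STS_SITES)} preloaded ({fraction:.1%})")
    print("state only learned at visit time:", uncovered)
```

The `uncovered` hosts are the ones whose HSTS state exists only because the user visited them, which is why writing that state to disk reveals browsing history.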

Re: [tor-bugs] #18589 [Applications/Tor Browser]: Tor browser writes SiteSecurityServiceState.txt with usage history

2017-03-26 Thread Tor Bug Tracker & Wiki
Changes (by gk):

 * cc: gacar (added)


Comment:

 We might want to look at the amount of sites that provide HSTS/HPKP
 headers while not being on the preload list. If the amount of those sites
 is small (or if the amount of those sites in the top 1,000,000 sites is
 small?) we might want to think about clearing the state after a session as
 well.


Re: [tor-bugs] #18589 [Applications/Tor Browser]: Tor browser writes SiteSecurityServiceState.txt with usage history

2016-08-29 Thread Tor Bug Tracker & Wiki
Changes (by mcs):

 * cc: mcs (added)



Re: [tor-bugs] #18589 [Applications/Tor Browser]: Tor browser writes SiteSecurityServiceState.txt with usage history

2016-08-26 Thread Tor Bug Tracker & Wiki
Changes (by gk):

 * keywords:  tbb-disk-leak, tbb-newnym => tbb-disk-leak


Comment:

 The `NEWNYM` issue is dealt with in #19995.
