Re: [tor-bugs] #21569 [Applications/Tor Browser]: Investigate and neuter fingerprinting potential of Permissions API

[Tor Bug Tracker & Wiki]

#21569: Investigate and neuter fingerprinting potential of Permissions API
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  task | Status:  closed
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705R, tbb-linkability |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by gk):

 Closed #20317 as duplicate.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21569 [Applications/Tor Browser]: Investigate and neuter fingerprinting potential of Permissions API

[Tor Bug Tracker & Wiki]

#21569: Investigate and neuter fingerprinting potential of Permissions API
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  task | Status:  closed
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705R, tbb-linkability |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by arthuredelstein):

 * keywords:  ff52-esr, tbb-7.0-must-alpha, TorBrowserTeam201705R =>
 ff52-esr, tbb-7.0-must-alpha, TorBrowserTeam201705R, tbb-linkability


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21569 [Applications/Tor Browser]: Investigate and neuter fingerprinting potential of Permissions API

[Tor Bug Tracker & Wiki]

#21569: Investigate and neuter fingerprinting potential of Permissions API
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  task | Status:  closed
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Looks good to me. I cherry-picked this on `tor-browser-52.1.0esr-7.0-2`
 (commit d8b12ca703cd530b5c7684be00d5979fb1543705).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21569 [Applications/Tor Browser]: Investigate and neuter fingerprinting potential of Permissions API

[Tor Bug Tracker & Wiki]

#21569: Investigate and neuter fingerprinting potential of Permissions API
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  task | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by mcs):

 r=brade, r=mcs
 Kathy and I are far from experts on this aspect of Firefox, but the
 patches look good and we successfully ran the tests on OSX.  We also ran
 the tests without the other portion of the patch and saw that 2 tests
 failed due to lack of isolation (as expected).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21569 [Applications/Tor Browser]: Investigate and neuter fingerprinting potential of Permissions API

[Tor Bug Tracker & Wiki]

#21569: Investigate and neuter fingerprinting potential of Permissions API
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  task | Status:
 |  needs_information
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-

Comment (by arthuredelstein):

 Replying to [comment:9 mcs]:
 > Kathy and I started to review this but got stuck on a couple of things:
 > * Where is the file `file_firstPartySpecial.html`?
 > * Should the commented out lines (e.g., for geolocation) be removed from
 `browser_permissions.js`?
 > * `PrincipalOriginAttributes::StripUserContextId()` is now an empty
 function. Is that correct?

 Thanks for noticing these things. I have cleaned them up now. Here's the
 new version:
 https://github.com/arthuredelstein/tor-browser/commit/21569+4

 Note here I am enabling isolation of permissions both by first party
 domain and container ID. As Tor Browser doesn't use containers, the change
 to container behavior should have no effect. But I took this approach
 (changing both things) because it makes writing a test with Mozilla's
 existing isolation test framework straightforward. If Mozilla decides to
 apply first-party isolation to permissions, but not to apply it to
 containers, then they will need to modify the framework. (Although my
 recommendation would be to isolate permissions by containers as well.)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21569 [Applications/Tor Browser]: Investigate and neuter fingerprinting potential of Permissions API

[Tor Bug Tracker & Wiki]

#21569: Investigate and neuter fingerprinting potential of Permissions API
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  task | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must-alpha,|  Actual Points:
  TorBrowserTeam201705R  |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by arthuredelstein):

 * status:  needs_information => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21569 [Applications/Tor Browser]: Investigate and neuter fingerprinting potential of Permissions API

[Tor Bug Tracker & Wiki]

#21569: Investigate and neuter fingerprinting potential of Permissions API
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  task | Status:
 |  needs_information
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, TorBrowserTeam201704R, |  Actual Points:
  tbb-7.0-must-alpha |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by mcs):

 * status:  needs_review => needs_information


Comment:

 Kathy and I started to review this but got stuck on a couple of things:
 * Where is the file `file_firstPartySpecial.html`?
 * Should the commented out lines (e.g., for geolocation) be removed from
 `browser_permissions.js`?
 * `PrincipalOriginAttributes::StripUserContextId()` is now an empty
 function. Is that correct?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21569 [Applications/Tor Browser]: Investigate and neuter fingerprinting potential of Permissions API

[Tor Bug Tracker & Wiki]

#21569: Investigate and neuter fingerprinting potential of Permissions API
-+-
 Reporter:  gk   |  Owner:
 |  arthuredelstein
 Type:  task | Status:
 |  needs_review
 Priority:  High |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, TorBrowserTeam201704R, |  Actual Points:
  tbb-7.0-must-alpha |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by arthuredelstein):

 * status:  accepted => needs_review
 * keywords:  ff52-esr, TorBrowserTeam201704, tbb-7.0-must-alpha =>
 ff52-esr, TorBrowserTeam201704R, tbb-7.0-must-alpha


Comment:

 Here's my patch for review. I am applying first-party isolation to the
 Permission Manager:
 https://github.com/arthuredelstein/tor-browser/commits/21569

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #21569 [Applications/Tor Browser]: Investigate and neuter fingerprinting potential of Permissions API

[Tor Bug Tracker & Wiki]

#21569: Investigate and neuter fingerprinting potential of Permissions API
-+-
 Reporter:  gk   |  Owner:  tbb-
 |  team
 Type:  task | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  ff52-esr, tbb-7.0-must,  |  Actual Points:
  TorBrowserTeam201704   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
 |  Sponsor4
-+-
Changes (by arthuredelstein):

 * cc: arthuredelstein (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs