Trac issues
https://gitlab.torproject.org/legacy/trac/-/issues
2020-06-15T23:39:57Z

https://gitlab.torproject.org/legacy/trac/-/issues/20915
Web developer network tab breaks first-party isolation in some cases
2020-06-15T23:39:57Z
Georg Koppen
There are rare cases where the first-party isolation breaks if the Web developer Network tab is open. This got first reported on our blog: https://blog.torproject.org/blog/tor-browser-65a5-released#comment-224102
Steps to reproduce (works both in the stable and the alpha series on Linux at least):
1) Start a fresh Tor Browser and set the Torbutton log level to "3"
2) Open the Network tab in the Web developer console (Ctrl + Shift + Q)
3) Go to https://torproject.org
4) Reload the page with the arrow in the URL bar
Result:
Torbutton INFO: tor SOCKS isolation catchall: https://www.torproject.org/images/onion-heart.png via --unknown--:de6a28fb71abeba4febbbdde61de345e
It is actually only the request for the onion heart that is affected. And having the Network tab open is crucial for reproducing the bug.

https://gitlab.torproject.org/legacy/trac/-/issues/20393
Something uses catchall circuit
2020-06-15T23:38:48Z
bugzilla
STR:
If you click `Click to create an evercookie` button on http://samy.pl/evercookie with JS disabled, you'll see
```
getFirstPartyURI failed for http://samy.pl/evercookie/idtag: 0x80070057
[10-18 16:04:45] Torbutton INFO: Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [mozIThirdPartyUtil.getFirstPartyURIFromChannel]
[10-18 16:04:45] Torbutton INFO: tor SOCKS isolation catchall: http://samy.pl/evercookie/idtag via --unknown--:2
```

https://gitlab.torproject.org/legacy/trac/-/issues/20328
No cookies are visible, except...
2020-06-15T23:38:27Z
bugzilla
for some reason e.g. Trac cookies appear:
![TracCookies.png](uploads/TracCookies.png)

https://gitlab.torproject.org/legacy/trac/-/issues/20317
Key permissions by first-party domain instead of origin (proposal)
2020-06-15T23:38:25Z
Arthur Edelstein
In Firefox (and current Tor Browser), permissions are keyed by origin. That is a tracking vector -- for example, on Google maps, if we click on the "Show your Location" button,
![location.png](uploads/location.png)
The browser asks "www.google.com: Would you like to Share your Location with this site?" If we choose "Always Share Location", then this permission is stored, keyed to www.google.com.
![permission.png](uploads/permission.png)
Now the UI says "this site", which is, to my ear, synonymous with "first party domain". But now on other sites, any third-party iframe from www.google.com (such as created by a Google Analytics script or a Google+ button) can know our location. And, further, it can expose a function call (using iframe postMessage tricks) that any other script on the same page could call to obtain our location. So in practice, we have given permission for numerous domains to obtain our location. And the very existence of the unusual permission setting, or any other, helps to track us.
So I would like to propose that we key every permission by first-party domain instead of origin domain. That means that the Permissions UI doesn't need to change much at all. We are still assigning each permission to a single domain. But this way, granting a permission to google.com would not leak to every other site.
And I would argue that this is already the perception of most users when they see a permission requested for "this site". Most users are not knowledgeable about the subtleties of third-party scripts -- they expect a permission to apply to the site they are visiting (the first party).
I would suggest we should write this patch for ESR52, which means using Origin Attributes and the pref "privacy.firstparty.isolate". Then we can hopefully uplift to Mozilla.

https://gitlab.torproject.org/legacy/trac/-/issues/20310
Requests for certificates in Certificate Viewer are sent over the catch-all circuit
2020-06-15T23:38:23Z
bugzilla
Each request made to fetch a certificate in a certificate chain is sent over the catch-all circuit.
```
Torbutton INFO: tor SOCKS isolation catchall: http://ocsp.int-x3.letsencrypt.org/ via --unknown--:88
```

https://gitlab.torproject.org/legacy/trac/-/issues/20256
Cloudfront resources are isolated to the FQDN
2020-06-15T23:38:13Z
Georg Koppen
Opening https://dlnmh9ip6v2uc.cloudfront.net/datasheets/Dev/Arduino/Shields/MP3_Player_Example.pde results in `SOCKS_USERNAME="dlnmh9ip6v2uc.cloudfront.net"`. But instead of isolating to the FQDN we should do so using the domain name, i.e. `cloudfront.net`.

https://gitlab.torproject.org/legacy/trac/-/issues/20195
HTTPS Everywhere's SSL Observatory code doesn't honor domain isolation.
2020-06-16T00:52:10Z
Yawning Angel
The HTTPS request made to `check.torproject.org` as part of startup doesn't use domain isolation at all.
How to reproduce:
1. Monitor the SOCKS traffic (or circuit list).
2. Start Tor Browser, get to the `about:tor` page.
3. Gasp in horror.
Tested with 6.0.5.
William Budington

https://gitlab.torproject.org/legacy/trac/-/issues/20043
SharedWorker uses catchall circuit
2020-06-15T23:37:29Z
bugzilla
STR: https://mdn.github.io/simple-shared-worker/
```
getFirstPartyURI failed for https://mdn.github.io/simple-shared-worker/worker.js: 0x80070057
Torbutton INFO: Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [mozIThirdPartyUtil.getFirstPartyURIFromChannel]
Torbutton INFO: tor SOCKS isolation catchall: https://mdn.github.io/simple-shared-worker/worker.js via --unknown--:508fd21f6097f45ba346eaccf8411d0a
```
(and `dom.workers.sharedWorkers.enabled` is set to `false` in TBB 6.5a2 ;)

https://gitlab.torproject.org/legacy/trac/-/issues/19921
Tor Browser: improper handling of 404 Not Found images
2020-06-15T23:37:17Z
bugzilla
Suddenly
```
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/editedticket.png: 0x80070057
[08-15 15:45:41] Torbutton INFO: Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [mozIThirdPartyUtil.getFirstPartyURIFromChannel]
[08-15 15:45:41] Torbutton INFO: tor SOCKS isolation catchall: https://trac.torproject.org/projects/tor/chrome/common/editedticket.png via --unknown--:5764fc7ec995cc459d9fee6ad6ba6ea5
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/editedticket.png: 0x80070057
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/wiki.png: 0x80070057
[08-15 15:45:41] Torbutton INFO: Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [mozIThirdPartyUtil.getFirstPartyURIFromChannel]
[08-15 15:45:41] Torbutton INFO: tor SOCKS isolation catchall: https://trac.torproject.org/projects/tor/chrome/common/wiki.png via --unknown--:5764fc7ec995cc459d9fee6ad6ba6ea5
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/wiki.png: 0x80070057
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/attachment.png: 0x80070057
[08-15 15:45:41] Torbutton INFO: Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [mozIThirdPartyUtil.getFirstPartyURIFromChannel]
[08-15 15:45:41] Torbutton INFO: tor SOCKS isolation catchall: https://trac.torproject.org/projects/tor/chrome/common/attachment.png via --unknown--:5764fc7ec995cc459d9fee6ad6ba6ea5
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/attachment.png: 0x80070057
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/newticket.png: 0x80070057
[08-15 15:45:41] Torbutton INFO: Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [mozIThirdPartyUtil.getFirstPartyURIFromChannel]
[08-15 15:45:41] Torbutton INFO: tor SOCKS isolation catchall: https://trac.torproject.org/projects/tor/chrome/common/newticket.png via --unknown--:5764fc7ec995cc459d9fee6ad6ba6ea5
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/newticket.png: 0x80070057
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/changeset.png: 0x80070057
[08-15 15:45:41] Torbutton INFO: Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [mozIThirdPartyUtil.getFirstPartyURIFromChannel]
[08-15 15:45:41] Torbutton INFO: tor SOCKS isolation catchall: https://trac.torproject.org/projects/tor/chrome/common/changeset.png via --unknown--:5764fc7ec995cc459d9fee6ad6ba6ea5
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/changeset.png: 0x80070057
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/closedticket.png: 0x80070057
[08-15 15:45:41] Torbutton INFO: Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [mozIThirdPartyUtil.getFirstPartyURIFromChannel]
[08-15 15:45:41] Torbutton INFO: tor SOCKS isolation catchall: https://trac.torproject.org/projects/tor/chrome/common/closedticket.png via --unknown--:5764fc7ec995cc459d9fee6ad6ba6ea5
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/closedticket.png: 0x80070057
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/batchmodify.png: 0x80070057
[08-15 15:45:41] Torbutton INFO: Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [mozIThirdPartyUtil.getFirstPartyURIFromChannel]
[08-15 15:45:41] Torbutton INFO: tor SOCKS isolation catchall: https://trac.torproject.org/projects/tor/chrome/common/batchmodify.png via --unknown--:5764fc7ec995cc459d9fee6ad6ba6ea5
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/batchmodify.png: 0x80070057
getFirstPartyURI failed for https://trac.torproject.org/images/extlink.gif: 0x80070057
[08-15 15:45:41] Torbutton INFO: Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [mozIThirdPartyUtil.getFirstPartyURIFromChannel]
[08-15 15:45:41] Torbutton INFO: tor SOCKS isolation catchall: https://trac.torproject.org/images/extlink.gif via --unknown--:5764fc7ec995cc459d9fee6ad6ba6ea5
getFirstPartyURI failed for https://trac.torproject.org/images/extlink.gif: 0x80070057
NS_ERROR_NOT_AVAILABLE: Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIHttpChannel.getResponseHeader] content-policy.js:67:0
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/milestone.png: 0x80070057
[08-15 15:45:42] Torbutton INFO: Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [mozIThirdPartyUtil.getFirstPartyURIFromChannel]
[08-15 15:45:42] Torbutton INFO: tor SOCKS isolation catchall: https://trac.torproject.org/projects/tor/chrome/common/milestone.png via --unknown--:5764fc7ec995cc459d9fee6ad6ba6ea5
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/milestone.png: 0x80070057
NS_ERROR_NOT_AVAILABLE: Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIHttpChannel.getResponseHeader] content-policy.js:67:0
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/trac_logo_mini.png: 0x80070057
[08-15 15:45:42] Torbutton INFO: Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [mozIThirdPartyUtil.getFirstPartyURIFromChannel]
[08-15 15:45:42] Torbutton INFO: tor SOCKS isolation catchall: https://trac.torproject.org/projects/tor/chrome/common/trac_logo_mini.png via --unknown--:5764fc7ec995cc459d9fee6ad6ba6ea5
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/trac_logo_mini.png: 0x80070057
getFirstPartyURI failed for https://i.imgur.com/jPpARzE.png: 0x80070057
[08-15 15:45:43] Torbutton INFO: Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [mozIThirdPartyUtil.getFirstPartyURIFromChannel]
[08-15 15:45:43] Torbutton INFO: tor SOCKS isolation catchall: https://i.imgur.com/jPpARzE.png via --unknown--:5764fc7ec995cc459d9fee6ad6ba6ea5
getFirstPartyURI failed for https://i.imgur.com/jPpARzE.png: 0x80070057
getFirstPartyURI failed for unknown: 0x80070057
getFirstPartyURI failed for unknown: 0x80070057
[08-15 15:45:44] Torbutton INFO: controlPort >> 650 STREAM 1754 CLOSED 123 138.201.14.198:443 REASON=END REMOTE_REASON=DONE
[08-15 15:45:46] Torbutton INFO: controlPort >> 650 STREAM 1755 CLOSED 123 138.201.14.198:443 REASON=END REMOTE_REASON=DONE
[08-15 15:45:47] Torbutton INFO: controlPort >> 650 STREAM 1753 CLOSED 123 138.201.14.198:443 REASON=DONE
[08-15 15:47:24] Torbutton INFO: controlPort >> 650 STREAM 1366 CLOSED 112 ip:80 REASON=DESTROY
[08-15 15:47:24] Torbutton INFO: controlPort >> 650 STREAM 1756 CLOSED 123 ip:443 REASON=DESTROY
[08-15 15:47:24] Torbutton INFO: controlPort >> 650 STREAM 489 CLOSED 69 ip:443 REASON=DESTROY
[08-15 15:47:27] Torbutton INFO: streamEvent.CircuitID: 124
[08-15 15:47:27] Torbutton INFO: controlPort << getinfo circuit-status
[08-15 15:47:27] Torbutton INFO: controlPort >> 250+circuit-status=
124 BUILT 125 BUILT .
250 OK
[08-15 15:47:27] Torbutton INFO: controlPort << getconf bridge
[08-15 15:47:27] Torbutton INFO: controlPort >> 250 Bridge
[08-15 15:47:37] Torbutton INFO: New tab
[08-15 15:47:37] Torbutton INFO: tor SOCKS: https://trac.torproject.org/projects/tor/ticket/16622 via torproject.org:89e52e1ffbda270503eac23904715f10
[08-15 15:47:38] Torbutton INFO: controlPort >> 650 STREAM 1766 NEW 0 trac.torproject.org:443 SOURCE_ADDR=127.0.0.1:51302 PURPOSE=USER
[08-15 15:47:38] Torbutton INFO: controlPort >> 650 STREAM 1766 SENTCONNECT 125 trac.torproject.org:443
[08-15 15:47:38] Torbutton INFO: streamEvent.CircuitID: 125
[08-15 15:47:38] Torbutton INFO: controlPort << getinfo circuit-status
[08-15 15:47:38] Torbutton INFO: controlPort >> 250+circuit-status=
124 BUILT 125 BUILT SOCKS_USERNAME="torproject.org" SOCKS_PASSWORD="89e52e1ffbda270503eac23904715f10"
.
250 OK
[08-15 15:47:38] Torbutton INFO: controlPort << getconf bridge
[08-15 15:47:38] Torbutton INFO: controlPort >> 250 Bridge
Tor NOTICE: Giving up on marked_for_close conn that's been flushing for 15s (fd 416, type Socks, state open).
[08-15 15:47:39] Torbutton INFO: tor SOCKS: https://trac.torproject.org/projects/tor/chrome/common/css/trac.css via torproject.org:89e52e1ffbda270503eac23904715f10
[08-15 15:55:37] Torbutton INFO: tor SOCKS: https://trac.torproject.org/tor.css via torproject.org:89e52e1ffbda270503eac23904715f10
[08-15 15:55:37] Torbutton INFO: controlPort >> 650 STREAM 1792 NEW 0 trac.torproject.org:443 SOURCE_ADDR=127.0.0.1:51328 PURPOSE=USER
[08-15 15:55:37] Torbutton INFO: controlPort >> 650 STREAM 1793 NEW 0 trac.torproject.org:443 SOURCE_ADDR=127.0.0.1:51329 PURPOSE=USER
[08-15 15:55:37] Torbutton INFO: tor SOCKS: https://trac.torproject.org/images/favicon.ico via torproject.org:89e52e1ffbda270503eac23904715f10
[08-15 15:55:38] Torbutton INFO: controlPort >> 650 STREAM 1792 SENTCONNECT 125 trac.torproject.org:443
[08-15 15:55:38] Torbutton INFO: controlPort >> 650 STREAM 1793 SENTCONNECT 125 trac.torproject.org:443
[08-15 15:55:38] Torbutton INFO: controlPort >> 650 STREAM 1792 REMAP 125 138.201.14.198:443 SOURCE=EXIT
[08-15 15:55:38] Torbutton INFO: controlPort >> 650 STREAM 1792 SUCCEEDED 125 138.201.14.198:443
[08-15 15:55:38] Torbutton INFO: controlPort >> 650 STREAM 1793 REMAP 125 138.201.14.198:443 SOURCE=EXIT
[08-15 15:55:38] Torbutton INFO: controlPort >> 650 STREAM 1793 SUCCEEDED 125 138.201.14.198:443
NS_ERROR_NOT_AVAILABLE: Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIHttpChannel.getResponseHeader] content-policy.js:67:0
[08-15 15:55:41] Torbutton INFO: tor SOCKS: https://trac.torproject.org/images/tor-logo.png via torproject.org:89e52e1ffbda270503eac23904715f10
NS_ERROR_NOT_AVAILABLE: Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIHttpChannel.getResponseHeader] content-policy.js:67:0
getFirstPartyURI failed for https://trac.torproject.org/images/tor-logo.png: 0x80070057
[08-15 15:55:41] Torbutton INFO: Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [mozIThirdPartyUtil.getFirstPartyURIFromChannel]
[08-15 15:55:41] Torbutton INFO: tor SOCKS isolation catchall: https://trac.torproject.org/images/tor-logo.png via --unknown--:5764fc7ec995cc459d9fee6ad6ba6ea5
getFirstPartyURI failed for https://trac.torproject.org/images/tor-logo.png: 0x80070057
[08-15 15:55:41] Torbutton INFO: tor SOCKS: https://trac.torproject.org/projects/tor/chrome/common/topbar_gradient.png via torproject.org:89e52e1ffbda270503eac23904715f10
[08-15 15:55:41] Torbutton INFO: tor SOCKS: https://trac.torproject.org/topbar_gradient2.png via torproject.org:89e52e1ffbda270503eac23904715f10
[08-15 15:55:41] Torbutton INFO: tor SOCKS: https://trac.torproject.org/projects/tor/chrome/common/changeset.png via torproject.org:89e52e1ffbda270503eac23904715f10
NS_ERROR_NOT_AVAILABLE: Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIHttpChannel.getResponseHeader] content-policy.js:67:0
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/topbar_gradient.png: 0x80070057
[08-15 15:55:42] Torbutton INFO: Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [mozIThirdPartyUtil.getFirstPartyURIFromChannel]
[08-15 15:55:42] Torbutton INFO: tor catchall circuit has been dirty for over 10 minutes. Rotating.
[08-15 15:55:42] Torbutton INFO: New domain isolation for --unknown--: 650a0b2abd9fb7ecafbaeaeac631ca85
[08-15 15:55:42] Torbutton INFO: tor SOCKS isolation catchall: https://trac.torproject.org/projects/tor/chrome/common/topbar_gradient.png via --unknown--:650a0b2abd9fb7ecafbaeaeac631ca85
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/topbar_gradient.png: 0x80070057
NS_ERROR_NOT_AVAILABLE: Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIHttpChannel.getResponseHeader] content-policy.js:67:0
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/wiki.png: 0x80070057
[08-15 15:55:42] Torbutton INFO: Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [mozIThirdPartyUtil.getFirstPartyURIFromChannel]
[08-15 15:55:42] Torbutton INFO: tor SOCKS isolation catchall: https://trac.torproject.org/projects/tor/chrome/common/wiki.png via --unknown--:650a0b2abd9fb7ecafbaeaeac631ca85
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/wiki.png: 0x80070057
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/editedticket.png: 0x80070057
[08-15 15:55:42] Torbutton INFO: Component returned failure code: 0x80070057 (NS_ERROR_ILLEGAL_VALUE) [mozIThirdPartyUtil.getFirstPartyURIFromChannel]
[08-15 15:55:42] Torbutton INFO: tor SOCKS isolation catchall: https://trac.torproject.org/projects/tor/chrome/common/editedticket.png via --unknown--:650a0b2abd9fb7ecafbaeaeac631ca85
getFirstPartyURI failed for https://trac.torproject.org/projects/tor/chrome/common/editedticket.png: 0x80070057
16:35:08.906 TypeError: Cannot convert string to ByteString because the character at index 7722 has value 65279 which is greater than 255.1 network-monitor.js:387:23
```

https://gitlab.torproject.org/legacy/trac/-/issues/19844
Prevent browser history leaks from CSS mix-blend-mode API in Tor Browser
2020-06-15T23:37:05Z
Isis Lovecruft
Similar to the old trick of querying the colour of a link on a page to see whether the user has visited that link before, there is [a new form of this attack](https://lcamtuf.blogspot.sk/2016/08/css-mix-blend-mode-is-bad-for-keeping.html) which is made more efficient by querying the :visited attribute on a set of numerous links via defining a boolean algebra with the non-linear CSS blending operators in the [mix-blend-mode API](https://developer.mozilla.org/en-US/docs/Web/CSS/mix-blend-mode).
lcamtuf has [a demo of the attack](http://lcamtuf.coredump.cx/whack/) which works in my Tor Browser 6.0.3. We should determine a way to mitigate this attack.

https://gitlab.torproject.org/legacy/trac/-/issues/19741
favicon in searchbar popup uses catchall circuit
2020-06-15T23:36:52Z
Arthur Edelstein
To reproduce:
* Set "torbutton.loglevel" to 3.
* Enter the word "test" in the searchbar. Click on the DuckDuckGo icon in the popup menu below to cause a search for "test" to be performed on DuckDuckGo. After the search is performed, a green "plus" symbol appears on the searchbar magnifying glass icon.
* Open the browser console, and clear it.
* Click on the searchbar again. An additional menu item appears, which contains the text `Add "DuckDuckGo (HTML)"` and a DuckDuckGo favicon.
* Examine the browser console. Log messages should appear as follows:
```
[07-22 22:38:01] Torbutton INFO: tor SOCKS: http://3g2upl4pq6kufc4m.onion/favicon.ico via --NoFirstPartyHost-chrome-browser.xul--:9bb8a61534faf1f952647a3537560fb0
GET
http://3g2upl4pq6kufc4m.onion/favicon.ico [HTTP/1.1 200 OK 0ms]
getFirstPartyURI failed for chrome://browser/content/browser.xul: 0x80070057
[07-22 22:38:02] Torbutton INFO: controlPort >> 650 STREAM 264 NEW 0 3g2upl4pq6kufc4m.onion:80 SOURCE_ADDR=127.0.0.1:52895 PURPOSE=USER
[07-22 22:38:02] Torbutton INFO: controlPort >> 650 STREAM 264 SENTCONNECT 15 3g2upl4pq6kufc4m.onion:80
getFirstPartyURI failed for chrome://browser/content/browser.xul: 0x80070057
[07-22 22:38:02] Torbutton INFO: controlPort >> 650 STREAM 264 SUCCEEDED 15 3g2upl4pq6kufc4m.onion:80
```
should be visible. I believe these messages are caused by
So it appears that the favicon display inside "add-engines" vbox of the search popup is being sent over the catchall circuit.

https://gitlab.torproject.org/legacy/trac/-/issues/19520
Investigate "No last modified time" entries visible in about:cache
2020-06-15T23:36:34Z
Georg Koppen
Today I stumbled over entities in the browser cache that were not isolated to the first party domain and contained a Last Modified date "No last modified time (bug 1000338)". They are all resources loaded when visiting www.torproject.org.
The referenced bug number and https://bugzilla.mozilla.org/show_bug.cgi?id=1119406 might be starting points to understand what is going on (although the latter is supposed to be fixed since ESR38)

https://gitlab.torproject.org/legacy/trac/-/issues/19417
asm.js files should be no linkability risk
2020-06-16T01:08:12Z
Georg Koppen
#19400 revealed that asm.js files are cached to disk which violates at least our no-disk-leaks requirement. The upstream bug is https://bugzilla.mozilla.org/show_bug.cgi?id=1047105 which got fixed in Firefox 51. However, there are linkability risks as well we might want to address.

https://gitlab.torproject.org/legacy/trac/-/issues/19416
OCSP requests are not isolated to the URL bar domain
2020-06-15T23:36:17Z
Georg Koppen
Not sure when this regressed but I can find log messages like
```
[06-15 09:22:41] Torbutton INFO: tor SOCKS isolation catchall: http://clients1.google.com/ocsp via --unknown--:1
```
in my terminal. In fact it seems all OCSP requests are affected.

https://gitlab.torproject.org/legacy/trac/-/issues/19037
Suppress content access to page visibility API
2020-06-15T23:35:08Z
Arthur Edelstein
The `document.visibility` property and the `visibilitychange` event let content know if the user has selected or deselected a tab. If the user switches from tab A to tab B, then tab A can receive a "hidden" event at the same time that tab B receives a "visible" event. So it seems potentially useful to suppress this information.
See https://developer.mozilla.org/en-US/docs/Web/API/Page_Visibility_API

https://gitlab.torproject.org/legacy/trac/-/issues/18762
implement first-party isolation for OCSP generated by speculative connect
2020-06-16T00:59:02Z
Arthur Edelstein
#13670.2 has a TODO that maybe needs to be implemented. Although is it possible that we have speculative connect disabled?

https://gitlab.torproject.org/legacy/trac/-/issues/18703
Videos loaded via the Page Info dialog are going over the catch-all circuit
2020-06-15T23:34:18Z
bugzilla
Load https://www.torproject.org/press/video.html.en and observe that the video is getting loaded over the circuit used for all the other resources of *.torproject.org. Now, open the Page Info dialog and the video that gets loaded again goes over the catch-all circuit. I think the expected behavior is to let the request go over the circuit for the URL bar domain of the page in question as well.

https://gitlab.torproject.org/legacy/trac/-/issues/18552
timing oracle for rendezvouz circuits
2020-06-15T23:33:56Z
cypherpunks
The _performance_ and _XMLHTTPRequest_ javascript APIs provide a toolset sufficient enough to measure for the existence of previously established rendezvous circuits.
Since CORS headers can only be determined after a request is performed, by measuring the time to failure on a series of cross-domain requests and observing the difference between the time-to-failure on the first and subsequent requests we could determine if a user has an already established circuit with a given rendezvous website.
While the timing on _performance_ is quite coarse, it is sufficient to detect the build time of a rendezvous circuit. If the subsequent requests consistently take the same time as the initial request it could be inferred that the user already had a circuit established to the onion address being tested by the _XMLHTTPRequest_.
The measurement capabilities are very weak given that the sample set of the initial connection can only be 1, as such this attack is not very reliable.

https://gitlab.torproject.org/legacy/trac/-/issues/18532
Now search.disconnect.me through catchall too
2020-06-15T23:33:51Z
bugzilla
[03-11 17:31:16] Torbutton INFO: tor SOCKS isolation catchall: https://search.disconnect.me/searchTerms/search?ses=Google&location_option=US&source=tor via --unknown--:75
Windows only?

https://gitlab.torproject.org/legacy/trac/-/issues/18030
Favicons loaded via the Page Info dialog are going over the catch-all circuit
2020-06-15T23:32:15Z
Georg Koppen
Load https://trac.torproject.org and observe that the favicon is getting loaded over the circuit used for all the other resources of trac.torproject.org. Now, open the Page Info dialog and the favicon that gets loaded again goes over the catch-all circuit. I think the expected behavior is to let the request go over the circuit for the URL bar domain of the page in question as well.