'network.http.speculative-parallel-limit' default setting provides tracking-risk
(thanks to Yuri Khan for the original scenario - 2015-08-14 22:33:56 PDT)
Potential tracking scenario:
- The Attacker sends an e-mail to the Victim containing a URL surrounded by text.
- The Victim leaves the mouse cursor over that text, without clicking the link.
- Tor Browser speculatively opens a connection to the URL in the e-mail.
- The Attacker logs this connection attempt and links the exit-node IP address to the Victim's e-mail address.
The result is that the exit node's IP address can be linked to the e-mail address of the targeted Victim, which (should the exit node be seized) can lead to de-anonymizing the unaware user behind it.
This is exploitable in Tor Browser because the default value of the pre-connection limit ('network.http.speculative-parallel-limit') is 6. The pref caps the number of parallel speculative connections, so any non-zero value leaves the behaviour enabled.
A fix to mitigate this problem is to set 'network.http.speculative-parallel-limit' to 0 by default, which disables speculative connections entirely.
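As an added check (not part of the original report or of Tor Browser's own code), the following Node.js script parses a profile's prefs.js or user.js in Firefox's `user_pref("name", value);` line format and reports whether network.http.speculative-parallel-limit is still at the reported default of 6 or has been set to 0. The two embedded prefs fragments are constructed samples: one weak profile that never sets the pref, and one user.js carrying the proposed mitigation.

```javascript
// Added example (not from the original report): check a Firefox / Tor Browser
// prefs file for the speculative-connection limit discussed above.
// Assumes the standard prefs.js / user.js line format:  user_pref("name", value);

const PREF = "network.http.speculative-parallel-limit";
const REPORTED_DEFAULT = 6; // default the report gives for Tor Browser at the time

// Constructed sample: a profile that never touched the pref (inherits the weak default).
const WEAK_PREFS_JS = `
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:tor");
user_pref("network.cookie.lifetimePolicy", 2);
`;

// Corrected user.js fragment: the mitigation the report proposes.
const HARDENED_USER_JS = `
// Disable speculative pre-connections so hovering a link opens no connection.
user_pref("network.http.speculative-parallel-limit", 0);
`;

// Convert the textual value of a pref into a JS value (string, boolean or integer).
function parseValue(raw) {
  if (raw === "true") return true;
  if (raw === "false") return false;
  if (raw.startsWith('"') && raw.endsWith('"')) return raw.slice(1, -1);
  const n = Number(raw);
  if (!Number.isInteger(n)) throw new Error(`unsupported pref value: ${raw}`);
  return n;
}

// Parse every user_pref(...) / pref(...) line into a Map; comment lines are skipped.
function parsePrefs(text) {
  const prefs = new Map();
  const lineRe = /^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;/;
  for (const line of text.split("\n")) {
    if (/^\s*(\/\/|\/\*|\*)/.test(line)) continue; // commented-out prefs do not count
    const m = lineRe.exec(line);
    if (m) prefs.set(m[1], parseValue(m[2]));
  }
  return prefs;
}

// Report the effective limit and whether the mitigation (value 0) is in place.
function assessSpeculativeLimit(prefsText) {
  const prefs = parsePrefs(prefsText);
  const explicit = prefs.has(PREF);
  const value = explicit ? prefs.get(PREF) : REPORTED_DEFAULT;
  if (typeof value !== "number") throw new Error(`${PREF} should be an integer`);
  return {
    value,
    explicit,
    mitigated: value === 0,
    summary: value === 0
      ? `${PREF} = 0: speculative connections disabled`
      : `${PREF} = ${value}${explicit ? "" : " (implicit default)"}: hovering a link may open a connection`,
  };
}

// Usage: node check-speculative.js [path/to/prefs.js]
// Without a path, the two constructed samples above are checked.
if (typeof require !== "undefined" && require.main === module) {
  const fs = require("fs");
  const inputs = process.argv[2]
    ? { [process.argv[2]]: fs.readFileSync(process.argv[2], "utf8") }
    : { "weak sample": WEAK_PREFS_JS, "hardened sample": HARDENED_USER_JS };
  for (const [name, text] of Object.entries(inputs)) {
    console.log(`${name}: ${assessSpeculativeLimit(text).summary}`);
  }
}
```

Point the script at the prefs.js of the running profile to confirm the mitigation is active; a profile with no entry for the pref is reported at the implicit default, which is the vulnerable state the report describes.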
Username: RickGeex_