Project *Core Apps » Bazaar » ChatSecure:Android » KeySync » Orbot » Orfox Private Browser » Orweb » Secure ReaderCacheWordIOCipherNetCipherPanicTrusted Intents » CheckeyLibreoSpideyStoryMakerâ„¢SecureSmartCam » CameraV (InformaCam Project) » ObscuraCam
Tracker *Bug Feature Task
Subject *
Description The Tor Browser draft includes defenses against cross origin linkability I have not tested the other types in Orfox, but Orfox does not make new circuits for cross origin requests, making it possible for an attacker to use JavaScript to check if a user has visited another site recently (if they have a circuit built, the site will resolve much faster than if a circuit is not built yet). I have tested this with Facebook's mobile onion site (https://m.facebookcorewwwi.onion/) In my tests, having a circuit built already will resolve on average 3 seconds faster in XHR requests. I tried 10 requests with a circuit built to facebook already and 10 requests without. Orbot Version Tested: 15.2.0-RC-8-multi(Tor 0.2.8.9armx86-openssl1.0.2j) Orfox Version Tested: Fennec-45.5.1esr/TorBrowser-6.5-1/Orfox-1.2.1
Status *New
Priority *Low Normal High Urgent Immediate
Assignee << me >>amoghbl1hansn8fr8Anonymous
Target version Orfox Alpha Orfox Alpha 2 Orfox Beta 1 Orfox GSoC 2016 Orfox RC Backlog
Start date
Due date
Estimated time Hours
% Done0 % 10 % 20 % 30 % 40 % 50 % 60 % 70 % 80 % 90 % 100 %
Component
Files (Maximum size: 195 MB)