Skip to content
This repository has been archived by the owner on Jan 4, 2019. It is now read-only.

Browser process's system request context should be handled differently under Tor #518

Open
3 tasks
riastradh-brave opened this issue Mar 6, 2018 · 1 comment
Open
3 tasks

Browser process's system request context should be handled differently under Tor #518

riastradh-brave opened this issue Mar 6, 2018 · 1 comment
Labels
feature/tor tor/leakproofing Plugging leaks of user-identifying information like IP address that Tor mode should conceal

Comments

@riastradh-brave
Copy link
Contributor

BrowserProcessImpl's system_request_context -- used for, among other things, remote geoip lookups for location services -- should generally not be used under Tor.

  • enumerate what it's used for
  • block anything that leaks that is not useful through Tor (e.g., not worthwhile to do a geoip lookup from what's-my-ip-address? to learn where the Tor exits are located)
  • redirect what's left through Tor if appropriate
@diracdeltas
Copy link
Member

diracdeltas commented Mar 14, 2018
edited
Loading

discussed in person, for MVP we will just always deny geolocation permissions in browser-laptop

@diracdeltas diracdeltas mentioned this issue Mar 14, 2018
Closed
@diracdeltas diracdeltas removed their assignment Mar 14, 2018
@riastradh-brave riastradh-brave added the tor/leakproofing Plugging leaks of user-identifying information like IP address that Tor mode should conceal label Apr 26, 2018
@jumde jumde mentioned this issue Oct 1, 2018
Closed
This was referenced Apr 26, 2019
Closed
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
feature/tor tor/leakproofing Plugging leaks of user-identifying information like IP address that Tor mode should conceal
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@diracdeltas @riastradh-brave