[tahoe-lafs-trac-stream] [tahoe-lafs] #1942: replace google chart in wui with d3.js: it leaks information
tahoe-lafs
trac at tahoe-lafs.org
Sat Sep 14 17:38:32 UTC 2013
#1942: replace google chart in wui with d3.js: it leaks information
---------------------------+-----------------------------------------------
Reporter: leif | Owner: nobody
Type: task | Status: new
Priority: normal | Milestone: soon
Component: code- | Version: 1.9.2
frontend-web | Keywords: anonymity privacy security websec
Resolution: |
Launchpad Bug: |
---------------------------+-----------------------------------------------
Changes (by zooko):
* keywords: anonymity privacy security => anonymity privacy security
websec
Old description:
> The timing chart on the mutable file upload status page is rendered by
> http://chart.apis.google.com.
>
> This reveals the IDs and latencies of storage servers to Google, as well
> as anyone able to observe the network between Google and the web browser.
>
> I think this is generally undesirable, but it is particularly problematic
> for users of grids hosted on i2p or Tor hidden services.
>
> It is possible (if not likely) that anonymity-desiring users are running
> tahoe under an LD-preload tool (such as torsocks/usewithtor) but are
> connecting to their WUI using a non-torified browser because they expect
> it to only connect to localhost. When they browse to the mutable file
> upload status page containing this chart, they'll inadvertently reveal
> themselves to be a user of the grid.
>
> Warner suggested in email that this chart should instead be rendered
> locally with d3.js, which is already being used for the download
> timeline.
>
> The code which constructs the google chart URL is in
> src/allmydata/web/status.py and might also be used on pages besides the
> mapupdate page where I noticed it.
New description:
The timing chart on the mutable file upload status page is rendered by
http://chart.apis.google.com.
This reveals the IDs and latencies of storage servers to Google, as well
as anyone able to observe the network between Google and the web browser.
I think this is generally undesirable, but it is particularly problematic
for users of grids hosted on i2p or Tor hidden services.
It is possible (if not likely) that anonymity-desiring users are running
tahoe under an LD-preload tool (such as torsocks/usewithtor) but are
connecting to their WUI using a non-torified browser because they expect
it to only connect to localhost. When they browse to the mutable file
upload status page containing this chart, they'll inadvertently reveal
themselves to be a user of the grid.
Warner suggested in email that this chart should instead be rendered
locally with d3.js, which is already being used for the download timeline.
The code which constructs the google chart URL is in
src/allmydata/web/status.py and might also be used on pages besides the
mapupdate page where I noticed it.
--
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1942#comment:13>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list