#1942 closed task

google chart in wui leaks information — at Initial Version

Reported by: leif Owned by: davidsarah
Priority: normal Milestone: eventually
Component: code-frontend-web Version: 1.9.2
Keywords: anonymity privacy security websec tor-protocol i2p Cc: tahoe-lafs@…
Launchpad Bug:

Description

The timing chart on the mutable file upload status page is rendered by http://chart.apis.google.com.

This reveals the IDs and latencies of storage servers to Google, as well as anyone able to observe the network between Google and the web browser.

I think this is generally undesirable, but it is particularly problematic for users of grids hosted on i2p or Tor hidden services.

It is possible (if not likely) that anonymity-desiring users are running tahoe under an LD-preload tool (such as torsocks/usewithtor) but are connecting to their WUI using a non-torified browser because they expect it to only connect to localhost. When they browse to the mutable file upload status page containing this chart, they'll inadvertently reveal themselves to be a user of the grid.

Warner suggested in email that this chart should instead be rendered locally with d3.js, which is already being used for the download timeline.

The code which constructs the google chart URL is in src/allmydata/web/status.py and might also be used on pages besides the mapupdate page where I noticed it.

Change History (0)

Note: See TracTickets for help on using tickets.