Opened at 2013-04-10T18:33:35Z
Last modified at 2021-05-18T17:24:05Z
#1942 closed task
google chart in wui leaks information — at Initial Version
Reported by: | leif | Owned by: | davidsarah |
---|---|---|---|
Priority: | normal | Milestone: | eventually |
Component: | code-frontend-web | Version: | 1.9.2 |
Keywords: | anonymity privacy security websec tor-protocol i2p | Cc: | tahoe-lafs@… |
Launchpad Bug: |
Description
The timing chart on the mutable file upload status page is rendered by http://chart.apis.google.com.
This reveals the IDs and latencies of storage servers to Google, as well as anyone able to observe the network between Google and the web browser.
I think this is generally undesirable, but it is particularly problematic for users of grids hosted on i2p or Tor hidden services.
It is possible (if not likely) that anonymity-desiring users are running tahoe under an LD-preload tool (such as torsocks/usewithtor) but are connecting to their WUI using a non-torified browser because they expect it to only connect to localhost. When they browse to the mutable file upload status page containing this chart, they'll inadvertently reveal themselves to be a user of the grid.
Warner suggested in email that this chart should instead be rendered locally with d3.js, which is already being used for the download timeline.
The code which constructs the google chart URL is in src/allmydata/web/status.py and might also be used on pages besides the mapupdate page where I noticed it.