On Fri, 18 Jan 2019 at 21:00, Richard Pospesel richard@torproject.org wrote:
The Double-Keyed Redirect Cookies + 'Domain Promotion' tries to fix this multiple/hidden session problem by promoting the cookies of double-keyed websites to first-party status in the case where the originating domain is positively identified as solely a redirect. In the gogle.com -> google.com scenario, if Tor Browser could identify that gogle.com is used solely to redirect to google.com, then we could take the double-keyed gogle.com|google.com cookies and move them into the google.com bucket and eliminate the double session.
How would we detect this?
Let's say hypothetically (I haven't checked) gogle.com does not set any cookies, and just sends a 301 permanent redirect. We then perform the upgrade from gogle.com|google.com to google.com.
If we turn it on its head: google.com decides to redirect you to tracker342451345.google.com with a 301 (and setting no cookies.) We upgrade google.com|tracker342451345.google.com to tracker342451345.google.com and do so for as long as your session is open. Does this enable a tracking vector? I don't think so; couldn't identify one - but it feels like there might be something here...
-tom
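
The promotion rule discussed in this message, as an added toy model (not code from the thread or from Tor Browser): cookies set after a redirect land in an `origin|dest` bucket and are moved to the `dest` bucket only when the origin answered with a 301 and set no cookies. `CookieJar`, `isRedirectOnly`, `followRedirect` and `demo` are hypothetical names; keying on bare hostnames and keeping the existing first-party cookie on a name clash are assumptions.

```javascript
// Toy model, constructed for illustration. Buckets are keyed the way the
// message writes them: "origin|dest" (double-keyed) or "dest" (first-party).
class CookieJar {
  constructor() { this.buckets = new Map(); }
  bucket(key) {
    if (!this.buckets.has(key)) this.buckets.set(key, new Map());
    return this.buckets.get(key);
  }
  // Move origin|dest cookies into dest's first-party bucket.
  // Assumption: on a name clash the existing first-party cookie is kept.
  promote(origin, dest) {
    const key = `${origin}|${dest}`;
    const from = this.buckets.get(key);
    if (!from) return 0;
    const to = this.bucket(dest);
    let moved = 0;
    for (const [name, value] of from) {
      if (!to.has(name)) { to.set(name, value); moved++; }
    }
    this.buckets.delete(key);
    return moved;
  }
  keys() { return [...this.buckets.keys()].sort(); }
}

// The hypothetical test from the message: a 301 that sets no cookies.
function isRedirectOnly(resp) {
  return resp.status === 301 && resp.setCookie.length === 0;
}

// origin answers with resp; dest then sets destCookies in the redirect context.
function followRedirect(jar, origin, resp, destCookies) {
  const dest = new URL(resp.location).hostname;
  for (const c of resp.setCookie) {
    const [name, value] = c.split('=');
    jar.bucket(origin).set(name, value); // origin's own cookies stay with origin
  }
  for (const [name, value] of Object.entries(destCookies)) {
    jar.bucket(`${origin}|${dest}`).set(name, value);
  }
  return isRedirectOnly(resp) ? jar.promote(origin, dest) : 0;
}

// Returns the bucket keys left in a fresh jar after one redirect.
function demo(origin, resp, destCookies) {
  const jar = new CookieJar();
  followRedirect(jar, origin, resp, destCookies);
  return jar.keys().join(' ');
}
```

With a 301 and no cookies from `gogle.com`, only a `google.com` bucket remains; if the origin sets a cookie or uses another status, the `gogle.com|google.com` bucket stays double-keyed.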