On Tue, Nov 14, 2017 at 02:51:55PM +0200, George Kadianakis wrote: > Let me know what you think :)
Section 9.4 in the Alt-Svc draft talks about abusing the header for tracking. In particular, a malicious website could give each Tor user a unique onion domain to track their activity. That's particularly problematic if the "persist" flag is used in the Alt-Svc header. Granted, malicious websites can already do that to an extent by serving unique onion domains on each page load, but we should still keep this issue in mind. _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
