[tor-talk] Once again: window size

Drake Wilson drake at dasyatidae.net
Sun Nov 30 15:41:50 UTC 2014


Hartmut Haase wrote:
> Hi Drake,
> I understand what you are saying. If it helps to be more anonymous that's o, k.
> Does that mean if I make the window full screen I'm losing          anonymity?

Yes, it does potentially mean that.  It is not a complete loss, and may not
_directly_ reveal any other details, but it adds a unique element.  If websites or
exit nodes or spies see more than one page load using your monitor resolution and
not the Tor Browser default size, they can guess that those are more likely to be
the same person.  And if you reveal personal information on one website using an
unusual window size, and then access another website the same way, they can work
together to guess that it was you who did the second access.  If you access the
websites using an insecure channel (such as plain HTTP and not always HTTPS),
anyone who can observe the traffic from your exit nodes can also guess.

The specific analysis depends on your specific situation and what kind of anonymity
you need.  But you should use the default window size if you can.  Of course, you
should also be careful in all other ways.

>> I do not know why you see a delay of one second.
> Just do the following: start Tor Browser, and make the window full screen.
> Then log out and log in again or restart the PC. The next start of Tor Browser
>  will come up with a full screen window only to switch back to default after a second or two.

It is probably just while the Firefox part of the software is creating the
window, before the Tor Browser part can resize it.  Possibly on a faster
computer there is very little delay.  I don't have a copy of Tor Browser with me,
unfortunately.  How fast is your CPU?  How much RAM do you have?

(Developers: is that a known potential race condition vs the user beginning input?
I'm guessing the window hook from the design draft doesn't allow blocking the UI.)

   ---> Drake Wilson



More information about the tor-talk mailing list