Mike Perry:

Hello all,

I've finally updated the design doc to cover TBB 4.0: https://www.torproject.org/projects/torbrowser/design/

In particular, the fingerprinting section saw substantial updates: https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkab...

I also added a build security section that could probably use more links and more details: https://www.torproject.org/projects/torbrowser/design/#BuildSecurity

Feedback welcome! Patches are even more welcomer! ;)

In chronological order: 1) s/InstantBird/Instantbird/ 2) s/Because fingerprinting is problem/Because fingerprinting is a problem/ 3) "Similarly, we prioritize issues that differentiate only MacOS, Windows, and Linux lower" Might be good to link to the OS type fingerprinting section here. Otherwise one might be confused about what does that "Similarly" refer to? That we do not believe OS fingerprinting is solvable (similar to cross-browser fingerprinting)? If so, why are we just prioritizing it lower than other things and don't give up on fixing these problems in the first place? etc. 4) s/provide which provide coverage for the all/provide coverage for the/ 5) Monitor and Desktop resolution/CSS Media Queries section Talking only about Montor/Desktop resolution in one section is fine but then the first paragraph should only contain those fingerprinting vectors relevant to it (screen orientation and other desktop features are not mentioned in the Design Goal/Implementation Status parts). I think talking about a certain technique used for extracting fingerprinting information (CSS Media Queries) is a bit cumbersome given that there is no specific Javascript section but only sections about different fingerprinting vectors (leaving the means of exploiting them either opaque or mentioning Javascript/CSS). Moreover, screen orientation does not fit there as it can get queried by Javascript as well. Thus, instead of focusing on CSS as a technique a better approach might be to point to the remaining vectors related to the screen like its orientation, system colors exposed etc. and see this section as a complement to the Monitor/Screen/Desktop resolution one. 6) The tlsdate link points to the Tor Browser design document (s/linkend/url). 7) s/of the Operating System/of the operating system/ 8) "We have no defenses deployed that address OS type fingerprinting, but nothing else." <- not sure what you mean here 9) s/linkability bugs and enhancements, see the tbb-fingerprinting/fingerprintability bugs and enhancements, see the tbb-fingerprinting/ 10) We clear site permissions as well on New Identity (see commit 2418d8693fc6bd4b4a18aeb14cf39fd9cb660cf8). Mentioning "DOM local storage" and "DOM Storage" might be confusing. Maybe we should rename the former to "Offline application cache" as these are different beasts. 11) s/For Mac OS, we use toolchain4/For Mac OS, we use crosstools-ng/ 12) libfaketime we use in Tor Browser 4.0 has no spoofing issues anymore wrt the fine-grained timestamps 13) There are more LXC related leaks worth mentioning, see #12237 and child tickets 14) s/contains a sorted list the SHA-256/contains a sorted list of the SHA-256/ Georg