[tbb-bugs] #14310 [Tor Browser]: Standard on anonymized browser behaviour

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jan 22 20:16:48 UTC 2015

#14310: Standard on anonymized browser behaviour
     Reporter:  cypherpunks  |      Owner:  tbb-team
         Type:  task         |     Status:  reopened
     Priority:  normal       |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |

Comment (by cypherpunks):

 Thank you, very interesting article (especially interesting the list of
 existing fingerprinters which actually were using the same technology that
 I have used in my study), but the approach of mitigation mentioned there
 is not very useful.

 I have already thought about randomization and found it useless. Because
 an adversary can easily avoid this, using repeating. They have proposed to
 create a cache of random values, but the cache can be bypassed. For
 example in common canvas fingerprinting technique when we hash the image,
 the browser can add a random noise to image and cache it. What can we do?
 We can generate a different image and use only part of it. Because the
 image is different, there will be created a different random noise, which
 most likely won't overlap the generated noise, so it can be discarded by

 In the case of fonts we can run a fingerprinter from different domains of
 one service. Because every domain means that new randomization will be
 applyed, we will be able to discard randomness and get steady fingerprint.

 Also we can use this cache to crash the browser, creating a lot of
 fingerprintable features and making the browser to add randomness to them
 and cache it.

 Also this random cache can be used as identifier.

 But one of the ways is to create randomness on start of new anonymous
 session and use the same randomness for all the site. So an adversary will
 be able to track you between sites, but only limited by one session. Of
 course, randomness must be generated by a secure PRG.

 So I think that the standard should use both ways.
 All the features can be made equal in all the an. browsers must be equal
 for all the an. browsers.
 Another set of features (we are not ready to make equal) must be
 randomized in a way I have described.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14310#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list