[tbb-bugs] #20214 [Applications/Tor Browser]: Ultrasound Cross Device Tracking techniques could be used to launch deanonymization attacks against some users

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Sep 22 03:57:35 UTC 2016


#20214: Ultrasound Cross Device Tracking techniques could be used to launch
deanonymization attacks against some users
--------------------------------------+----------------------------------
 Reporter:  VasiliosMavroudis         |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:  Tor: unspecified
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+----------------------------------

Comment (by cypherpunks):

 1. Why wouldn't this work with audible sound? Audible sound ranges have
 been shown to be able to covertly issue voice commands to nearby mobile
 devices
 (https://www.georgetown.edu/sites/www/files/Hidden%20Voice%20Commands%20full%20paper.pdf).
 The core issue is not addressed by filtering out non-audible sound.

 2. If a user is presented with a choice to play the media file or not and
 if they *believe* that they want to play it, they will play it. The prompt
 would only serve as an annoyance that the user would learn to ignore. If
 your attack involves tricking a user into visiting a website, tricking a
 user into viewing or allowing the media on the website to play would not be
 significantly more difficult.

 3. The security slider at 'High' already makes video/audio content click-
 to-play, with the current exception of MediaSource video (see: #19200).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20214#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

