[tbb-bugs] #21559 [Applications/Tor Browser]: Tor browser deanonymization/fingerprinting via cached intermediate CAs
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Feb 26 08:45:31 UTC 2017
#21559: Tor browser deanonymization/fingerprinting via cached intermediate CAs
-------------------------------------+-------------------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor | Version:
Browser | Keywords: tbb-fingerprinting,
Severity: Normal | tbb-linkability
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------+-------------------------------------
Hi,
I get different results testing https://fiprinca.0x90.eu/poc/ in a fresh
Tor browser than in the Tor browser I've been using to browse the web for
a bit. (Both are running as Qubes disposable VMs so I haven't tested
persistence).
Expected behaviour: my Tor browser (version "6.5, based on Mozilla Firefox
45.7.0") should not leak information about what sites I've visited.
Actual behaviour: I see four cached CAs in the "warmed" browser, leaking
information about what sites I've visited.
Version: 6.5
https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-
cached-intermediate-ca-certificates-fiprinca/ has a writeup by the author.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21559>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list