[tbb-bugs] #28372 [Applications/Tor Browser]: determine if onvisibilitychange is a fingerprinting vector
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Nov 10 02:34:06 UTC 2018
#28372: determine if onvisibilitychange is a fingerprinting vector
-----------------------------------------+--------------------------
Reporter: mcs | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-fingerprinting,ff60-esr | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------------------+--------------------------
Comment (by onvisibilitychange):
Replying to [comment:1 tom]:
> Probably best to disable it...
And everything else...
> It's not a super important API, should degrade just fine.
As many others.
> A website could determine:
>
> - If it was loaded as a prerender client hint (although we probably also
disable that)
> - If the user has backgrounded the tab, minimized the window, their
screensaver has gone off, screen locked, etc.
Where did you find all that states got revealed?
> There's not a lot to learn from these which might be an argument to
leave it alone
A ray of light...
>, but if I wanted to put on my really creative hat, maybe a website could
learn that a user's screensaver turns on after X minutes of inactivity?
Too creative hat ;)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28372#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list