[tbb-bugs] #29348 [Applications/Tor Browser]: Add userChrome to Tor Browser to spoof scrollbars to reduce fingerprinting surface

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Feb 6 04:31:11 UTC 2019


#29348: Add userChrome to Tor Browser to spoof scrollbars to reduce fingerprinting
surface
-------------------------------------+-------------------------------------
 Reporter:  concerneduser            |          Owner:  tbb-team
     Type:  enhancement              |         Status:  new
 Priority:  Medium                   |      Component:  Applications/Tor
                                     |  Browser
  Version:  Tor: unspecified         |       Severity:  Normal
 Keywords:  scrollbar                |  Actual Points:
  fingerprinting                     |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+-------------------------------------
 We all know that different systems have different scrollbars. I looked it
 up right now and Tor browser reports these values for the screen object:

 width 1000
 height 900
 clientWidth 988 (yes I am on Linux)

 I found this userChrome (
 https://gist.github.com/mrkwatz/277fb19d210a7539304ca2388f24d8e3 ) and it
 makes the clientWidth become 1000 as intended (you obviously could also
 make the scrollbars the same width/height as on Windows, but I think this
 is a better approach). If something like this is included into standard
 Tor browser it would minimize segregation and thus allow users to use Tor
 on Linux/Mac while still appearing as Windows users.

 Though keep in mind that (for whatever reason) Tor reports different
 values for the useragent in the HTTP header (Windows) and the JS navigator
 obj (Linux). This is strange but irrelevant for fingerprinting if the
 scrollbar thing is not tackled since it is the same result for anyone
 else. It would get relevant though if Tor applied the custom scrollbars.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29348>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
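
The effect the ticket describes, as an added example that is not part of the ticket or of Tor Browser's code: it computes the scrollbar gutter from the reported width and clientWidth and counts how many distinguishable groups a set of sessions falls into, before and after the scrollbar stops taking layout width. Only the 1000/900/988 values come from the ticket; the other sessions and all function names are constructed for illustration.

```javascript
// Added illustration; session values other than 1000/900/988 are constructed.

// Scrollbar gutter: outer width minus the width left for page content.
function gutterWidth({ width, clientWidth }) {
  if (!Number.isFinite(width) || !Number.isFinite(clientWidth) || clientWidth > width) {
    throw new RangeError("expected finite numbers with clientWidth <= width");
  }
  return width - clientWidth;
}

// Group sessions by what a page can observe; each bucket is one anonymity set.
function anonymitySets(sessions, keyFn) {
  const sets = new Map();
  for (const s of sessions) {
    const key = keyFn(s);
    sets.set(key, (sets.get(key) || 0) + 1);
  }
  return sets;
}

const windowOnly = (s) => `${s.width}x${s.height}`;
const withGutter = (s) => `${windowOnly(s)}+${gutterWidth(s)}`;

// The same quantity as read inside a page; returns null outside a browser.
function measureInBrowser() {
  if (typeof window === "undefined" || typeof document === "undefined") return null;
  return window.innerWidth - document.documentElement.clientWidth;
}

// Constructed sample: every session reports the same 1000x900 window.
const stock = [
  { width: 1000, height: 900, clientWidth: 988 },  // values from the ticket
  { width: 1000, height: 900, clientWidth: 988 },
  { width: 1000, height: 900, clientWidth: 983 },  // constructed: wider native scrollbar
  { width: 1000, height: 900, clientWidth: 1000 }, // constructed: overlay scrollbar
];
// The same sessions once the scrollbar no longer takes layout width.
const spoofed = stock.map((s) => ({ ...s, clientWidth: s.width }));

console.log(anonymitySets(stock, windowOnly));   // one bucket
console.log(anonymitySets(stock, withGutter));   // three buckets
console.log(anonymitySets(spoofed, withGutter)); // one bucket again
```

Running `measureInBrowser()` in the console of a test build gives a quick regression check that the gutter is the same on every platform.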

