[tbb-bugs] #30392 [Applications/Tor Browser]: CSS features allow real-time tracking

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon May 6 12:42:00 UTC 2019

#30392: CSS features allow real-time tracking
 Reporter:  davywtf                   |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_information
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
Changes (by gk):

 * keywords:  css =>
 * status:  new => needs_information
 * version:  Tor: unspecified =>


 So, what exactly is the threat here? We don't spoof referers unless you
 come from a .onion domain and go to a non .onion one. And I am not sure I
 understand the fingerprinting concern. You mean the website you are
 interacting with is recognizing you once you come back? If so, how so if
 _only_ CSS is available (moreover, tracking by first-party domain is
 currently out of scope; if that's done by identifiers like cookies then
 New Identity is your friend given that not only cookies but numerous state
 has to get cleared to separate those visits).

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30392#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list