[tbb-bugs] #30543 [Applications/Tor Browser]: device orientation leaks

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue May 21 02:00:58 UTC 2019

#30543: device orientation leaks
 Reporter:  Thorin              |          Owner:  tbb-team
     Type:  defect              |         Status:  new
 Priority:  Medium              |      Component:  Applications/Tor Browser
  Version:                      |       Severity:  Normal
 Keywords:  tbb-fingerprinting  |  Actual Points:
Parent ID:                      |         Points:
 Reviewer:                      |        Sponsor:
 RFP spoofs landscape on devices

 However css @media orientation and also matchMedia leak - see upcoming
 attached pic where RFP=on, the phone is in reality in portrait mode.
 Orientation = landscape (spoofed), but the others say otherwise

 **mdn** (this is what gets spoofed)
 var orientation = screen.msOrientation || (screen.orientation ||

 **css** (leaks)
 @media (orientation:portrait){#YourID:after{content:"portrait";}}
 @media (orientation:landscape){#YourID:after{content:"landscape";}}

 **matchMedia** (leaks)
 if (window.matchMedia("(orientation: portrait)").matches) return
 if (window.matchMedia("(orientation: landscape)").matches) return

 [1] https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#screen

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30543>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list