[tbb-dev] Tor browser fingerprint with javascript enabled problem

Anton Luka Šijanec anton at sijanec.eu
Wed Sep 30 14:01:54 UTC 2020


On 29.09.2020 17:23, Matthew Finkel wrote:
> On Sat, Sep 26, 2020 at 11:31:46AM -0700, joel04g_t535e at secmail.pro 
> wrote:
>> 
>> With javascript enabled, websites can know If you use linux or 
>> windows. In
>> my opinion, this is more information than a website should have.
>> 
>> As a linux user, I visited panopticlick.eff.org and did the browser
>> fingerprint test. The results revealed my platform to be "Linux 
>> x86_64".
>> 
>> Is there a way that Tor devs can make Tor browser spoof this value to 
>> be
>> the same for all users or random, regardless of OS?
> 
> No, not easily. There is the semi-easy OS leak in the web API where Tor
> Browser provides the correct OS in |navigator.useragent|.

So addons that change the user agent should be enough, right? Or if not 
that, why would setting the about:config value 
devtools.responsive.userAgent not be sufficient?

-- 
Anton Luka Šijanec
https://šijanec.eu/
+38 6 64/176-345
anton at sijanec.eu (mail, xmpp & sip)
https://šijanec.eu/pgp-key.txt?F4C3E3A4DFB7254397A9F993E76135F49802CD14


More information about the tbb-dev mailing list