[tbb-dev] Tor browser fingerprint with javascript enabled problem
Matthew Finkel
sysrqb at torproject.org
Wed Sep 30 14:19:30 UTC 2020
On Wed, Sep 30, 2020 at 04:01:54PM +0200, Anton Luka Šijanec wrote:
> On 29.09.2020 17:23, Matthew Finkel wrote:
> > On Sat, Sep 26, 2020 at 11:31:46AM -0700, joel04g_t535e at secmail.pro
> > wrote:
> > >
> > > With javascript enabled, websites can know If you use linux or
> > > windows. In
> > > my opinion, this is more information than a website should have.
> > >
> > > As a linux user, I visited panopticlick.eff.org and did the browser
> > > fingerprint test. The results revealed my platform to be "Linux
> > > x86_64".
> > >
> > > Is there a way that Tor devs can make Tor browser spoof this value
> > > to be
> > > the same for all users or random, regardless of OS?
> >
> > No, not easily. There is the semi-easy OS leak in the web API where Tor
> > Browser provides the correct OS in |navigator.useragent|.
>
> So addons that change the user agent should be enough, right? Or if not
> that, why would setting the about:config value devtools.responsive.userAgent
> not be sufficient?
Yes, using an addon should be sufficient if you want to plug this
specific leak, but this breaks some web sites. If you are okay with that
breakage, then go for it. As for the |devtools.responsive.userAgent|
pref, I assume you'll need to load every page with devtools opened (but
I haven't confirmed that).
More information about the tbb-dev
mailing list