[tor-bugs] #6041 [TorBrowserButton]: Review rendering-based fingerprinting vectors (was: Review rendering-based font fingerprinting vectors)

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed Jun 13 01:17:33 UTC 2012 

#6041: Review rendering-based fingerprinting vectors
------------------------------+---------------------------------------------
 Reporter:  gk                |          Owner:  mikeperry
     Type:  defect            |         Status:  new      
 Priority:  major             |      Milestone:           
Component:  TorBrowserButton  |        Version:           
 Keywords:  MikePerry201206   |         Parent:           
   Points:  2                 |   Actualpoints:           
------------------------------+---------------------------------------------
Changes (by mikeperry):

  * points:  => 2


Comment:

 Ok, few thoughts on the paper first:

 1. For the most part, I like this paper. It's reasonable and well written,
 has a decently thought-out defenses section, and doesn't make ridiculously
 outlandish claims.
 2. We still need source code to reproduce the results. It doesn't look
 like they tested WebGL "Minimal Mode", and we'll also want to do our own
 testing too.
 3. It is probably too early in the fingerprinting defenses game to bend
 over backwards to try to fully conceal OS for this specific vector. OS is
 likely to leak a ton of different ways. We should go after lower hanging
 fruit first, until more light is shown upon the threat landscape.
 4. Their concluding rhetorical question about fingerprints being
 unavoidable on the modern web is nonsense. Computers are mass produced,
 and are virtualizable. Even in the worst-case scenario, we can provide an
 anonymity set roughly equivalent to OS and graphics card userbase size.
 Most likely, we can do quite a bit better than that, especially if we
 leave WebGL click-to-play.

 Now, thoughts on defenses:
 I think the "Prompt for canvas image extraction" defense is probably the
 best option for now due to implementation effort, though I do like their
 idea of virtualizing the rendering surface during image extraction.

 We might also want to enforce different font count limits on the canvas
 than for normal rendering, or switch to a default font for image
 extraction. Or maybe we don't care, if we prompt first. I agree that
 prompts suck, but hopefully this should be an uncommon thing to
 experience, unless you're making lolcat captions of course.

 I'm going to let these thoughts bake for a bit before filing tickets for
 the above.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6041#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list