[tor-bugs] #12609 [TorBrowserButton]: HTML5 fullscreen API makes TB fingerprintable, disable it!
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Aug 28 17:29:56 UTC 2014
#12609: HTML5 fullscreen API makes TB fingerprintable, disable it!
----------------------------------+--------------------------------
Reporter: cypherpunks | Owner: mikeperry
Type: defect | Status: needs_revision
Priority: major | Milestone:
Component: TorBrowserButton | Version:
Resolution: | Keywords: tbb-fingerprinting
Actual Points: | Parent ID:
Points: |
----------------------------------+--------------------------------
Comment (by faether):
Uh oh, there's onresize events firing all over the place when you go to
fullscreen. See below in the log, that number 1000x689? That's the my
'''actual browser ''window'' size''' (but without the X11 border).
{{{
[17:13:11.255] "1409245991255 pre-fs 1000x600"
[17:13:11.308] "1409245991287 onresize 1000x689"
[17:13:11.360] "1409245991360 onresize 1000x689"
[17:13:11.370] "1409245991370 onresize 1680x1055"
[17:13:12.256] "1409245992256 1000ms 1680x1055"
[17:13:12.257] Exited full-screen because full-screen element was removed
from document.
[17:13:12.273] "1409245992272 onresize 1680x966"
[17:13:12.317] "1409245992317 onresize 1000x600"
[17:13:13.256] "1409245993256 2000ms 1000x600"
[17:13:16.061] "1409245996061 onresize 1000x350"
}}}
generated using fingerprinter v3:
https://rawgit.com/anonymous/f63b0650637fef3dcdf1/raw/a4199acc17e23ca301a4b71bbe916143b9b5f89b/fs-v3.html
(this version is not optimized for speed)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12609#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list