[tor-bugs] #4810 [Firefox Patch Issues]: Weird screen sizes reported by Panopticlick
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Feb 11 13:31:56 UTC 2014
#4810: Weird screen sizes reported by Panopticlick
-------------------------------------+-------------------------------------
Reporter: erikd | Owner: mikeperry
Type: enhancement | Status: needs_revision
Priority: major | Milestone: TorBrowserBundle 2.3.x-stable
Component: Firefox Patch Issues | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-------------------------------------+-------------------------------------
Comment (by v3glvnCJK7NRg1kK):
Guys, this is ridiculous. This patch should have been applied '''two
years''' ago while the proper fix was discussed and implemented. Hell,
even forcing the TBB window to one static size and disallowing resizing is
more acceptable than leaving this for so long.

This might not be as serious an infoleak vulnerability as, say, enabling
Flash by default, but it is a serious infoleak vulnerability nonetheless.
Let's please do ''something'' about this now, rather than later.

With that said, both screen size and window size should be masked. For me,
the ideal solution is to only ever report, say, two sizes (depending on
the user's actual chosen window size) and automatically zoom the view to
compensate for the difference between reported and actual size. TBB
already presents some usability problems with plugins, etc.; screwing up
some sites' layouts and making them appear ugly is a small price to pay
for mitigating such an obvious de-anonymization vector.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4810#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
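
The masking scheme proposed in the comment above (report one of two sizes, zoom to compensate), sketched as an added example that is not part of the ticket or of any Tor Browser patch. The two bucket sizes, the function names and the sample window sizes are assumptions made up for illustration.

```javascript
// Added illustration; bucket sizes are assumed values, not from the ticket.
const BUCKETS = [
  { width: 1000, height: 600 },  // assumed "small" reported size
  { width: 1600, height: 900 },  // assumed "large" reported size
];

// Pick the largest bucket that fits inside the real content area; fall back
// to the smallest bucket when the window is smaller than every bucket.
function pickBucket(actual) {
  let chosen = BUCKETS[0];
  for (const b of BUCKETS) {
    if (b.width <= actual.width && b.height <= actual.height) chosen = b;
  }
  return chosen;
}

// What a page would be told, plus the uniform zoom that makes a layout built
// for the reported size fill the real window without overflowing either axis.
function maskWindow(actual) {
  const reported = pickBucket(actual);
  const zoom = Math.min(actual.width / reported.width,
                        actual.height / reported.height);
  return {
    reported,
    zoom: Math.round(zoom * 1000) / 1000,
    // Real pixels left unused on each axis after uniform scaling.
    slackX: actual.width - Math.round(reported.width * zoom),
    slackY: actual.height - Math.round(reported.height * zoom),
  };
}

// Number of distinct size values a fingerprinting script could observe.
function distinctSizes(sizes) {
  return new Set(sizes.map((s) => `${s.width}x${s.height}`)).size;
}

// Constructed sample of real window sizes (not measured data).
const SAMPLE = [
  { width: 1366, height: 657 }, { width: 1280, height: 913 },
  { width: 1920, height: 1003 }, { width: 1683, height: 944 },
  { width: 911, height: 540 }, { width: 1440, height: 789 },
];

// Compare observable values before and after masking the sample.
function summarize() {
  const masked = SAMPLE.map((s) => maskWindow(s).reported);
  return { before: distinctSizes(SAMPLE), after: distinctSizes(masked) };
}

console.log(SAMPLE.map((s) => maskWindow(s)), summarize());
```

A window smaller than the smallest bucket gets a zoom below 1, which is the layout cost the comment accepts in exchange for the smaller set of observable values.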