[tor-bugs] #4810 [Firefox Patch Issues]: Weird screen sizes reported by Panopticlick

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Feb 11 13:31:56 UTC 2014


#4810: Weird screen sizes reported by Panopticlick
-------------------------------------+-------------------------------------
     Reporter:  erikd                |      Owner:  mikeperry
         Type:  enhancement          |     Status:  needs_revision
     Priority:  major                |  Milestone:  TorBrowserBundle 2.3.x-stable
    Component:  Firefox Patch Issues |    Version:
   Resolution:                       |   Keywords:
Actual Points:                       |  Parent ID:
       Points:                       |
-------------------------------------+-------------------------------------

Comment (by v3glvnCJK7NRg1kK):

 Guys, this is ridiculous. This patch should have been applied '''two
 years''' ago while the proper fix was discussed and implemented. Hell,
 even forcing the TBB window to one static size and disallowing resizing is
 more acceptable than leaving this for so long.

 This might not be as serious an infoleak vulnerability as, say, enabling
 Flash by default, but it is a serious infoleak vulnerability nonetheless.
 Let's please do ''something'' about this now, rather than later.

 With that said, both screen size and window size should be masked. For me,
 the ideal solution is to only ever report, say, two sizes (depending on
 the user's actual chosen window size) and automatically zoom the view to
 compensate for the difference between reported and actual size. TBB
 already presents some usability problems with plugins, etc.; screwing up
 some sites' layouts and making them appear ugly is a small price to pay
 for mitigating such an obvious de-anonymization vector.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4810#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
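
The two-size masking with compensating zoom proposed in the comment above, sketched as an added example that is not part of the ticket or of any Tor Browser patch. The bucket dimensions, function names and sample window sizes are assumptions constructed for illustration.

```javascript
// Added illustration; bucket sizes are assumed, not taken from the ticket.
const BUCKETS = [
  { width: 1000, height: 600 },
  { width: 1400, height: 900 },
];

// Pick the largest bucket that fits inside the real window. A window smaller
// than every bucket falls back to the smallest one and is zoomed out.
function chooseBucket(actualW, actualH) {
  let chosen = BUCKETS[0];
  for (const b of BUCKETS) {
    if (b.width <= actualW && b.height <= actualH) chosen = b;
  }
  return chosen;
}

// Size a page would be told, plus the zoom factor needed to draw a layout of
// that reported size inside the real window without overflowing it.
function maskedViewport(actualW, actualH) {
  const b = chooseBucket(actualW, actualH);
  const zoom = Math.min(actualW / b.width, actualH / b.height);
  return {
    reportedWidth: b.width,
    reportedHeight: b.height,
    zoom: Math.round(zoom * 1000) / 1000,
  };
}

// Number of distinct sizes a fingerprinting script could observe.
function distinctReported(windows) {
  const seen = new Set();
  for (const [w, h] of windows) {
    const v = maskedViewport(w, h);
    seen.add(`${v.reportedWidth}x${v.reportedHeight}`);
  }
  return seen.size;
}

// Constructed sample: five different real window sizes.
const SAMPLE_WINDOWS = [
  [1280, 697], [1366, 643], [1920, 1003], [1600, 860], [800, 500],
];

console.log(SAMPLE_WINDOWS.map(([w, h]) => maskedViewport(w, h)));
console.log("distinct reported sizes:", distinctReported(SAMPLE_WINDOWS));
```
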

