[tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jan 23 07:08:32 UTC 2014
#10703: Fallback charset enables fingerprinting of bundle localization
----------------------------------+--------------------------------
Reporter: dcf | Owner: mikeperry
Type: defect | Status: needs_review
Priority: normal | Milestone:
Component: TorBrowserButton | Version:
Resolution: | Keywords: tbb-fingerprinting
Actual Points: | Parent ID:
Points: |
----------------------------------+--------------------------------
Comment (by dcf):
Replying to [ticket:10703 dcf]:
> JavaScript in the HTML measures the size of the rendered characters.
Actually it's even easier than measuring the size. You can look at the
`innerHTML` and get a string with exactly the decoded characters in it.
Here is what `encodeURIComponent(elem.innerHTML)` looks like for the
example sequence "\xc3\a3":
* utf-8: ã %C3%A3
* iso-8859-1: ã %C3%83%C2%A3
* iso-8859-2: ĂŁ %C4%82%C5%81
* windows-1251: ГЈ %D0%93%D0%88
* euc-kr: 찾 %EC%B0%BE
* gbk: 茫 %E8%8C%AB
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10703#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list