[tor-bugs] #13021 [Tor Browser]: Review Canvas APIs for fingerprintability
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Sep 17 09:04:10 UTC 2014
#13021: Review Canvas APIs for fingerprintability
-------------------------+-------------------------------------------------
Reporter: | Owner: brade
mikeperry | Status: assigned
Type: task | Milestone:
Priority: major | Version:
Component: Tor | Keywords: ff31-esr, tbb-fingerprinting,
Browser | TorBrowserTeam201409
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by gacar):
Cool, seems all Canvas API methods are in a competition to be the most
fingerprintable!
I got matching results with you, i.e. my FF 32 matched your FF 31, my Tor
Browser matched yours.
I think this may get really scary if we observe different fingerprints for
the same TBB version on different machines (with the same OSes).
Until seeing that, I will believe that Tor Browser is ok with this attack.
Since the diversity should be due to the drawing target (cairo SW, common
for TBB users) which does the transformation and boundary calculation:
https://mxr.mozilla.org/mozilla-
esr31/source/content/canvas/src/CanvasRenderingContext2D.cpp#898
https://mxr.mozilla.org/mozilla-
esr31/source/content/canvas/src/CanvasRenderingContext2D.cpp#3110
Being said that, I think that really worth testing!
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13021#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list