[tor-bugs] #13021 [Tor Browser]: Review Canvas APIs for fingerprintability
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Sep 19 00:04:44 UTC 2014
#13021: Review Canvas APIs for fingerprintability
-------------------------+-------------------------------------------------
Reporter: | Owner: brade
mikeperry | Status: assigned
Type: task | Milestone:
Priority: major | Version:
Component: Tor | Keywords: ff31-esr, tbb-fingerprinting,
Browser | TorBrowserTeam201409
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by gacar):
Brilliant! I think this also makes fixing the multi-frame issue in
[https://trac.torproject.org/projects/tor/ticket/5798#comment:13 #5798]
more important.
Since it is the font-limit that bounces this attack, and one can embed
multiple canvases in different iframes.
BTW I just remember that I once tested if font-limits apply to canvas as
well:
http://jsbin.com/ferit/
As your findings also confirm the limits apply to canvas, which is good.
Back then apparently I was aware that measureText can be used for
fingerprinting, but I guess I thought it gives more or less the same info
as CSS offsetWidth/Height measurement. Having seen dcf's demo with
transformations (comment 7), now I'm not very sure about that...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13021#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list