[tor-bugs] #14098 [Tor Browser]: TBB still fingerprintable by screen size

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jan 27 21:07:36 UTC 2015 

#14098: TBB still fingerprintable by screen size
-----------------------------+--------------------------------
     Reporter:  cypherpunks  |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  Tor Browser  |    Version:
   Resolution:               |   Keywords:  tbb-fingerprinting
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+--------------------------------

Comment (by randybytes):

 Replying to [comment:11 gk]:
 > Replying to [comment:9 randybytes]:
 > > Replying to [comment:6 mcs]:
 > > >
 > > > Access to properties within window.screen has been patched as well.
 Are you seeing a case where window.screen leaks the actual display
 dimensions or other info?
 > >
 > > > Are you seeing a case where window.screen leaks the actual display
 dimensions or other info?
 > >
 > > Yes, on the Tor Browser bundle 4.03 with windows 8.1 leaks the actual
 display dimensions:
 > >
 > > On https://panopticlick.eff.org it leaks:
 > >
 > > Screen Size and Color Depth: 1366x633x24
 > >
 > > which only 1 in 82820.68 browsers have this value.
 > >
 > > from the javascript console window.screen shows:
 > >
 > > Screen { availWidth: 1366, availHeight: 383, width: 1366, height: 383,
 colorDepth: 24, ...
 > >
 > > Thanks for replying, is their any diagnostic information that could
 help?
 >
 > Are you resizing/maximizing your browser window? If so, then this is the
 cause of the unusual screen size. Our defense is not working with
 resized/maximized windows yet.

 When I start the browser in windowed mode, without any resizing or
 maximization I get:

 Screen Size and Color Depth:
 one in x browsers have this value: 621890.75
 value: 1004x535x24

 So even with no alterations to the window, I am not getting any protection
 on my platform.  1 in 62K could identify my computer.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14098#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list