[tor-bugs] #17207 [Tor Browser]: Testing navigator.mimeTypes for known names can reveal info and increase fingerprinting risk

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Oct 14 02:06:47 UTC 2015


#17207: Testing navigator.mimeTypes for known names can reveal info and increase
fingerprinting risk
-------------------------------------------------+-------------------------
 Reporter:  TemporaryNick                        |          Owner:
     Type:  defect                               |  arthuredelstein
 Priority:  High                                 |         Status:
Component:  Tor Browser                          |  assigned
 Severity:  Blocker                              |      Milestone:
 Keywords:  tbb-fingerprinting,                  |        Version:
  TorBrowserTeam201510                           |     Resolution:
Parent ID:                                       |  Actual Points:
  Sponsor:                                       |         Points:
-------------------------------------------------+-------------------------
Changes (by teor):

 * severity:   => Blocker


Comment:

 Replying to [comment:9 arthuredelstein]:
 > Replying to [comment:7 gk]:
 > > Good stuff! I thought we already had a defense against this but I could not find anything so far.
 >
 > It's interesting that `navigator.mimeTypes.length == 0`. So one would have thought it didn't have any members.

 It seems that a partial anti-enumeration design is in place, but only
 against positional iteration. (As well as setting
 `navigator.mimeTypes.length` to `0`, all indexes of the form
 `navigator.mimeTypes[0]` return `undefined`.)

 But that doesn't stop lookups using an external list of MIME type names.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17207#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
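
A regression check for the gap described in this comment, written as an added example (not part of the ticket and not Tor Browser code): it audits a `mimeTypes`-like object for positional and named exposure. The two Proxy models, the function names and the sample MIME type list are assumptions constructed for illustration.

```javascript
"use strict";
// Constructed model of the behaviour reported in the ticket: length is 0 and
// numeric indexes return undefined, but named properties still resolve.
function makePartiallyHidden(installedTypes) {
  const named = Object.create(null);
  for (const type of installedTypes) named[type] = { type };
  return new Proxy(named, {
    get(target, prop) {
      if (prop === "length") return 0;
      if (typeof prop === "string" && /^\d+$/.test(prop)) return undefined;
      return target[prop];
    },
  });
}

// Hypothetical hardened model: every lookup, positional or named, is empty.
function makeFullyHidden() {
  return new Proxy(Object.create(null), {
    get(_target, prop) { return prop === "length" ? 0 : undefined; },
    has() { return false; },
  });
}

// Reports what a page could still learn from a mimeTypes-like object.
function auditMimeTypes(mimeTypes, knownNames) {
  const byName = knownNames.filter(
    (name) => mimeTypes[name] !== undefined || name in mimeTypes
  );
  return {
    length: mimeTypes.length,
    indexVisible: mimeTypes[0] !== undefined,
    byName,
    leaks: mimeTypes.length > 0 || mimeTypes[0] !== undefined || byName.length > 0,
  };
}

// Constructed sample data, not values from the ticket.
const KNOWN_NAMES = ["application/pdf", "application/x-example-plugin"];
const partial = auditMimeTypes(makePartiallyHidden(["application/pdf"]), KNOWN_NAMES);
const hardened = auditMimeTypes(makeFullyHidden(), KNOWN_NAMES);
console.log(partial, hardened);
```

In a browser build under test, `auditMimeTypes(navigator.mimeTypes, KNOWN_NAMES)` runs the same check against the real object; `leaks` should be `false` once named lookups are covered as well.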

