[tor-bugs] #17207 [Tor Browser]: Testing navigator.mimeTypes for known names can reveal info and increase fingerprinting risk
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Oct 30 21:27:57 UTC 2015
#17207: Testing navigator.mimeTypes for known names can reveal info and increase
fingerprinting risk
-------------------------------------------------+-------------------------
Reporter: TemporaryNick | Owner:
Type: defect | arthuredelstein
Priority: High | Status:
Component: Tor Browser | needs_review
Severity: Major | Milestone:
Keywords: tbb-fingerprinting, | Version:
TorBrowserTeam201510R | Resolution:
Parent ID: | Actual Points:
Sponsor: | Points:
-------------------------------------------------+-------------------------
Comment (by gk):
This looks okay to me and I merged cherry-picked the commits onto tor-
browser-38.3.0esr-5.5-2. One question: Is there any reason why you did not
add ` ||ResistFingerprinting()` to any `!AllowPlugins()`? I guess only
those where you added them are fingerprinting relevant? I wonder if that
is going to lead into some confusion though: there may be things doable
with plugins if you have fingerprinting defenses enabled (and are allowing
plugins) and other things only if you have them disabled. Or are there no
such things? I know there are a bunch of users that (need to?) enable
Flash but maybe we just don't care about them too much here.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17207#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list