[tor-bugs] #18046 [Tor Browser]: how to protect anonymity of users using menu / bookmarks bars?

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 8 10:08:57 UTC 2016 

#18046: how to protect anonymity of users using menu / bookmarks bars?
-------------------------------------------+---------------------------
 Reporter:  zorlaguzellikolmaz             |          Owner:  tbb-team
     Type:  defect                         |         Status:  closed
 Priority:  Medium                         |      Milestone:
Component:  Tor Browser                    |        Version:
 Severity:  Normal                         |     Resolution:  duplicate
 Keywords:  tbb-fingerprinting-resolution  |  Actual Points:
Parent ID:                                 |         Points:
  Sponsor:                                 |
-------------------------------------------+---------------------------

Comment (by gk):

 Replying to [ticket:18046 zorlaguzellikolmaz]:
 > I am concerned that users adding a menu bar or a bookmarks bar to their
 tor browser may be reporting smaller and trackable window heights to
 websites. I am not sure if this is the case, but I suspect so.

 Yes, it is.

 > I'd make the case that reporting a set window size to websites
 regardless of what the actual Tor window is is the safest option. An extra
 button between minimize and maximize could resize the window to the
 expected size when needed.

 I think this is not going to work apart from the fact that basically no
 user will ever understand this additional button given that this is not
 how they are trained to use browsers and other applications.

 > Another reason to consider this option is that well-meaning users trying
 to move the window sometimes wind up resizing it without intent, or in
 trying to resize it dispell the warning and work in another size window.
 This is difficult to avoid with trackpads, which are prone to drag-and-
 drop errors. And then the user must choose between restarting the browser
 and losing work or potentially not even realise it and continue working in
 a compromised manner.

 This is a concern, yes. We are working on a solution to this in #14429.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18046#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list