[tor-bugs] #13017 [Applications/Tor Browser]: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jun 7 18:16:27 UTC 2016 

#13017: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector
-------------------------------------------------+-------------------------
 Reporter:  mikeperry                            |          Owner:
     Type:  task                                 |  arthuredelstein
 Priority:  Very High                            |         Status:
Component:  Applications/Tor Browser             |  assigned
 Severity:  Critical                             |      Milestone:
 Keywords:  tbb-fingerprinting-os, tbb-easy,     |        Version:
  TorBrowserTeam201606                           |     Resolution:
Parent ID:                                       |  Actual Points:
 Reviewer:                                       |         Points:
                                                 |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cypherpunks):

 Replying to [comment:29 boklm]:
 > I have been running the https://audiofingerprint.openwpm.com/ test on
 one computer with 3 different linux distributions using docker (so the
 same kernel was used): Fedora 22, Debian Jessie, Debian Wheezy.
 >
 > The `Fingerprint using DynamicsCompressor (sum of buffer values)` line
 was the same in all cases: 35.74996018782258
 >
 > The `Fingerprint using DynamicsCompressor (hash of full buffer)` was the
 same on Fedora 22 and Debian Jessie:
 158e8189a3551fe4f2e564ac377b0f1e588a1ab3
 > But it was different on Debian Wheezy:
 205ae8bb7897e9c9faa399d83bbcdc704a9962a1
 >
 > After putting a copy of a libm.so.6 from Fedora in the
 Browser/TorBrowser/Tor/ directory and running it again on Wheezy, the
 `hash of full buffer` value became the same as on the 2 other
 distributions.
 >
 > So it looks like the libm.so.6 used affects the `hash of full buffer`.

 What about `Fingerprint using OscillatorNode` and `Fingerprint using
 hybrid of OscillatorNode/DynamicsCompressor method` ?

 When I tested it (see comment 22) those were all different from each
 other, haven't looked too closely if the values remained the same though.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13017#comment:30>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list