[tor-bugs] #18500 [Tor Browser]: Investigate impact of fingerprinting via getClientRects()
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Mar 8 12:06:51 UTC 2016
#18500: Investigate impact of fingerprinting via getClientRects()
-----------------------------+--------------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: High | Milestone:
Component: Tor Browser | Version:
Severity: Major | Keywords: tbb-fingerprinting
Actual Points: | Parent ID:
Points: | Sponsor:
-----------------------------+--------------------------------
http://jcarlosnorte.com/security/2016/03/06/advanced-tor-browser-
fingerprinting.html claims that getClientRects() provides a lot of
differences between two computers. This is "[d]epending on the resolution,
font configuration and lots of other factors".
We should investigate how problematic that method is keeping in mind that
we are currently not aiming at hiding the platform a user is on and that
we do font normalization and rounding of the content window on start-up
and a bunch of other things.
I asked the author of the blog post to explain the differences on the two
computers he got, taking the things I mentioned above into account but we
got no reply so far.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18500>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list