[tor-bugs] #18500 [Tor Browser]: Investigate impact of fingerprinting via getClientRects()

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Mar 8 12:06:51 UTC 2016


#18500: Investigate impact of fingerprinting via getClientRects()
-----------------------------+--------------------------------
     Reporter:  gk           |      Owner:  tbb-team
         Type:  task         |     Status:  new
     Priority:  High         |  Milestone:
    Component:  Tor Browser  |    Version:
     Severity:  Major        |   Keywords:  tbb-fingerprinting
Actual Points:               |  Parent ID:
       Points:               |    Sponsor:
-----------------------------+--------------------------------
 http://jcarlosnorte.com/security/2016/03/06/advanced-tor-browser-
 fingerprinting.html claims that getClientRects() provides a lot of
 differences between two computers. This is "[d]epending on the resolution,
 font configuration and lots of other factors".

 We should investigate how problematic that method is keeping in mind that
 we are currently not aiming at hiding the platform a user is on and that
 we do font normalization and rounding of the content window on start-up
 and a bunch of other things.

 I asked the author of the blog post to explain the differences on the two
 computers he got, taking the things I mentioned above into account but we
 got no reply so far.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18500>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list