[tor-bugs] #13017 [Applications/Tor Browser]: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon May 23 23:57:53 UTC 2016


#13017: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector
---------------------------------------------+-----------------------------
 Reporter:  mikeperry                        |          Owner:  tbb-team
     Type:  task                             |         Status:
 Priority:  Very High                        |  needs_information
Component:  Applications/Tor Browser         |      Milestone:
 Severity:  Critical                         |        Version:
 Keywords:  tbb-fingerprinting-os, tbb-easy  |     Resolution:
Parent ID:                                   |  Actual Points:
 Reviewer:                                   |         Points:
                                             |        Sponsor:
---------------------------------------------+-----------------------------
Changes (by cypherpunks):

 * priority:  Medium => Very High
 * severity:  Normal => Critical


Comment:

 Replying to [comment:16 gk]:
 > Replying to [comment:15 cypherpunks]:
 > > I have three different machines, one Windows and two Linux ones and I
 can verify that for each different machine using Tor Browser 5.5.5 the
 fingerprints are exactly the same for each machine.
 >
 > Hm... if they are exactly the same for each machine isn't that a good
 thing? It allows you hiding in the crowd which is our strategy to beat
 fingerprinters. That said, I tested it as well with two different Linux
 machines (and distributions) and on a Windows computer. I got the same
 fingerprint for the Linux machines but a different one with Windows (which
 is on one of the Linux boxes, too). Thus, this seems to support the theory
 that this is an OS-fingerprinting problem. Or did I miss anything?

 The fingerprints are the same **for each machine individually**
 independent of browser, OS, or computer restarts.
 So each machine can be uniquely identified. This is very problematic like
 I said. I know when it is the same for each machine there would be nothing
 problematic... that's anonymity, of course.

 But this is definitely problematic, please see/test for yourself.
 In my case, each machine can be uniquely identified.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13017#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list