[tor-bugs] #13017 [Applications/Tor Browser]: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue May 24 16:34:06 UTC 2016


#13017: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector
-------------------------------------------------+-------------------------
 Reporter:  mikeperry                            |          Owner:
     Type:  task                                 |  arthuredelstein
 Priority:  Very High                            |         Status:
Component:  Applications/Tor Browser             |  assigned
 Severity:  Critical                             |      Milestone:
 Keywords:  tbb-fingerprinting-os, tbb-easy,     |        Version:
  TorBrowserTeam201605                           |     Resolution:
Parent ID:                                       |  Actual Points:
 Reviewer:                                       |         Points:
                                                 |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cypherpunks):

 Okay I've rechecked and compared the individual test results for each
 machine.
 Which I refer to as `Linux A`, `Linux B`, and `Windows`

 For the **AudioContext properties** `Windows` and `Linux B` had the exact
 same values namely:
 {{{
 {
 "ac-sampleRate": 48000,
 "ac-maxChannelCount": 2,
 "ac-numberOfInputs": 1,
 
"ac-numberOfOutputs": 0,
 "ac-channelCount": 2,
 "ac-channelCountMode": "explicit",
 "ac-channelInterpretation": "speakers",
 
"an-fftSize": 2048,
 "an-frequencyBinCount": 1024,
 "an-minDecibels": -100,
 "an-maxDecibels": -30,
 "an-smoothingTimeConstant": 0.8,
 "an-numberOfInputs": 1,
 "an-numberOfOutputs": 1,
 "an-channelCount": 1,
 "an-channelCountMode": "max",
 "an-channelInterpretation": "speakers"
 }
 }}}

 But `Linux A` only had different values, listed here:
 {{{
   "ac-sampleRate": 44100,
   "ac-maxChannelCount": 10000,
 }}}

 For the **Fingerprint using DynamicsCompressor (sum of buffer values)**
 * `Linux A` and `Linux B` both had `35.14587543532252`
 * `Windows` had `35.145139578345606`

 For the **Fingerprint using DynamicsCompressor (hash of full buffer)**
 * `Linux A` and `Linux B` both had
 `12a8c630cab33ce196f223822f4d23c59717abeb`
 * `Windows` had `14b5e50593a946dbf54923aeefec7682156ea46c`

 For **Fingerprint using OscillatorNode**
 * `Linux A`, `Linux B` and `Windows` **all had a unique fingerprint.**

 For **Fingerprint using hybrid of OscillatorNode/DynamicsCompressor
 method**
 * `Linux A`, `Linux B` and `Windows` **all had a unique fingerprint as
 well.**

 Hope this helps.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13017#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list