[tor-bugs] #13017 [Applications/Tor Browser]: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon May 30 09:42:56 UTC 2016


#13017: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector
-------------------------------------------------+-------------------------
 Reporter:  mikeperry                            |          Owner:
     Type:  task                                 |  arthuredelstein
 Priority:  Very High                            |         Status:
Component:  Applications/Tor Browser             |  assigned
 Severity:  Critical                             |      Milestone:
 Keywords:  tbb-fingerprinting-os, tbb-easy,     |        Version:
  TorBrowserTeam201605                           |     Resolution:
Parent ID:                                       |  Actual Points:
 Reviewer:                                       |         Points:
                                                 |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cypherpunks):

 Replying to [comment:25 arthuredelstein]:
 > The Web Audio API looks to me like something that would only have
 occasional legitimate uses. Most sites using audio do not need to do any
 sound processing on the fly. Many games need only to play sound samples,
 which can be done with <audio> elements and don't require Web Audio. Uses
 for Web Audio I can think of include 3D games or other immersive content,
 music sequencers or audio/video editing apps. So, because these are fairly
 unusual, I think one efficient defense would be to prompt the user before
 allowing content to instantiate an AudioContext object, very similar to
 how we prompt before HTML5 Canvas image extraction (#6253).

 I think the prompt is a good solution if indeed the Web Audio API reveals
 more about a browser/machine/OS than the JS Math interface. If not, fixing
 the JS Math interface should fix this problem? Not sure...

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13017#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list