[tor-bugs] #13017 [Applications/Tor Browser]: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Sep 9 12:41:55 UTC 2016


#13017: Determine if AudioBuffers/OfflineAudioContext are a fingerprinting vector
-------------------------------------------------+-------------------------
 Reporter:  mikeperry                            |          Owner:
                                                 |  arthuredelstein
     Type:  task                                 |         Status:
                                                 |  assigned
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Critical                             |     Resolution:
 Keywords:  tbb-fingerprinting-os,               |  Actual Points:
  TorBrowserTeam201609                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by Octopus):

 Hello! Developer of Fingerprint Central here!
 The website is still in [https://fpcentral.irisa.fr/ beta] but thanks to
 several visitors, it seems that we can already have an early insight on
 some AudioContext attributes from the 40 TBB fingerprints that were
 collected. I added the tests found from the
 [https://audiofingerprint.openwpm.com/ OpenWPM Study] and you can see some
 results below that I found the most relevant.

 ||N°||Count||Percentage||User-Agent||pxi buffer hash||ac-sampleRate||ac-
 maxChannelCount||
 ||1||21||60.00%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101
 Firefox/45.0"||158e8189...||44100||2||
 ||2||4||11.43%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101
 Firefox/45.0" ||89cad797...||48000||2||
 ||3||3||8.57%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101
 Firefox/45.0"  ||4baefb24...||44100||2||
 ||4||1||2.86%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101
 Firefox/45.0"  ||89cad797...||96000||2||
 ||5||1||2.86%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101
 Firefox/45.0"  ||4baefb24...||48000||2||
 ||6||1||2.86%||"Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101
 Firefox/38.0"  ||158e8189...||48000||2||
 ||7||1||2.86%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101
 Firefox/45.0"  ||e8a01cca...||44100||2||
 ||8||1||2.86%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101
 Firefox/45.0"  ||4baefb24...||44100||10000||
 ||9||1||2.86%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101
 Firefox/45.0"  ||158e8189...||44100||32||
 ||10||1||2.86%||"Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101
 Firefox/45.0" ||158e8189...||44100||0||

 I don't know if it can be generalized to the majority of the TBB
 population but it seems that most users should have the same combination
 of Sample rate/Channel count/Buffer hash. However, differences can still
 be observed between sample rate (44100Hz/48000Hz/96000Hz) and max channel
 count (0/2/32/10000) and users without the most common values may be more
 prone to fingerprinting than others. I added the hash to see if there was
 a link between these attributes and the rendered audio but this needs more
 investigation as noted by #comment:26.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13017#comment:36>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list