[tor-bugs] #10286 [Applications/Tor Browser]: Touch events leak absolute screen coordinates

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 19 21:53:58 UTC 2017


#10286: Touch events leak absolute screen coordinates
-------------------------------------------------+-------------------------
 Reporter:  mikeperry                            |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  assigned
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-fingerprinting-resolution,       |  Actual Points:
  ff52-esr, tbb-testcase, tbb-firefox-patch,     |
  tbb-7.0-must, TorBrowserTeam201704             |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor4
-------------------------------------------------+-------------------------

Comment (by arthuredelstein):

 On the latest Tor Browser alpha, the pref "dom.w3c_touch_events.enabled"
 is set to 2 on Windows and Linux, which means "autodetect". Autodetect
 mode results in the Touch API being exposed only when touch hardware is
 present. So we should either set it to "1" (enable) or "0" (disable) to
 ensure that JS code can't fingerprint the user's hardware.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10286#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list