[tor-bugs] #10286 [Applications/Tor Browser]: Touch events leak absolute screen coordinates
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 19 21:53:58 UTC 2017
#10286: Touch events leak absolute screen coordinates
-------------------------------------------------+-------------------------
Reporter: mikeperry | Owner: tbb-
| team
Type: defect | Status:
| assigned
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-fingerprinting-resolution, | Actual Points:
ff52-esr, tbb-testcase, tbb-firefox-patch, |
tbb-7.0-must, TorBrowserTeam201704 |
Parent ID: | Points:
Reviewer: | Sponsor:
| Sponsor4
-------------------------------------------------+-------------------------
Comment (by arthuredelstein):
On the latest Tor Browser alpha, the pref "dom.w3c_touch_events.enabled"
is set to 2 on Windows and Linux, which means "autodetect". Autodetect
mode results in the Touch API being exposed only when touch hardware is
present. So we should either set it to "1" (enable) or "0" (disable) to
ensure that JS code can't fingerprint the user's hardware.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10286#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list