[tor-bugs] #20214 [Applications/Tor Browser]: Ultrasound Cross Device Tracking techniques could be used to launch deanonymization attacks against some users

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Feb 22 16:51:02 UTC 2017


#20214: Ultrasound Cross Device Tracking techniques could be used to launch
deanonymization attacks against some users
--------------------------------------+--------------------------
 Reporter:  VasiliosMavroudis         |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Major                     |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------
Changes (by cypherpunks):

 * priority:  Medium => High
 * severity:  Normal => Major


Comment:

 It's a good point that prompting for all audio on low-security would
 hinder usability.
 But blocking sounds over or under the human hearing range would hurt
 nothing. There are other attacks but why leave this one in when it can be
 fixed so easily?
 This attack works even on pages that seem 100% quiet to people. The other
 attacks are harder to carry out, the barrier to entry is raised from
 "everywhere" to "only websites with sound".

 There is even a good argument for prompting on normal audio; yes, many
 users will be tricked, but at least you'll be able to browse places that
 require javascript like Reddit which you know should never require audio
 privileges. The prompt would make it harder for China to track people
 reading about Christianity or the Dalai Lama.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20214#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
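
One way to check an audio frame for energy outside the audible band before deciding to block it, as an added example that is not part of the ticket or of Tor Browser's code. The 18 kHz cutoff, the 5% threshold, the function names and the sample tones are assumptions made for illustration.

```javascript
// Added example: flag PCM frames that carry energy above an audibility cutoff.
// Assumptions (not from the ticket): 18 kHz cutoff, 5% threshold, all names.

// Goertzel algorithm: power |X(k)|^2 of DFT bin k for a real-valued frame.
function goertzelPower(samples, k) {
  const coeff = 2 * Math.cos((2 * Math.PI * k) / samples.length);
  let s1 = 0, s2 = 0;
  for (const x of samples) {
    const s0 = x + coeff * s1 - s2;
    s2 = s1;
    s1 = s0;
  }
  return s1 * s1 + s2 * s2 - coeff * s1 * s2;
}

// Fraction (0..1) of the frame's energy in bins at or above cutoffHz.
// Parseval: each bin 0 < k < N/2 of a real signal carries 2|X(k)|^2 / N
// of the total sum(x^2), so the ratio below is an energy share.
function highBandRatio(samples, sampleRate, cutoffHz) {
  const n = samples.length;
  let total = 0;
  for (const x of samples) total += x * x;
  if (total === 0) return 0; // silent frame: nothing to flag
  const firstBin = Math.max(1, Math.ceil((cutoffHz * n) / sampleRate));
  let high = 0;
  for (let k = firstBin; k < n / 2; k++) high += goertzelPower(samples, k);
  return (2 * high) / (n * total);
}

// Policy decision: true when the inaudible share reaches the threshold.
function hasInaudibleContent(samples, sampleRate, cutoffHz = 18000, threshold = 0.05) {
  return highBandRatio(samples, sampleRate, cutoffHz) >= threshold;
}

// Constructed sample input: 0.1 s at 48 kHz, equal-amplitude sine tones.
function tone(freqs, sampleRate = 48000, n = 4800) {
  return Float64Array.from({ length: n }, (_, i) =>
    freqs.reduce((acc, f) => acc + 0.5 * Math.sin((2 * Math.PI * f * i) / sampleRate), 0));
}

const audibleOnly = tone([440]);        // ordinary audible tone
const withBeacon = tone([440, 18500]);  // same tone plus a near-ultrasonic one
console.log(hasInaudibleContent(audibleOnly, 48000)); // false
console.log(hasInaudibleContent(withBeacon, 48000));  // true
```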

