[tor-bugs] #22632 [Applications/Tor Browser]: The scrollbar in TBB is enabled and disabled based on a setting in macOS system preferences

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jun 19 14:10:46 UTC 2017


#22632: The scrollbar in TBB is enabled and disabled based on a setting in macOS
system preferences
--------------------------------------+--------------------------
 Reporter:  Dbryrtfbcbhgf             |          Owner:  tbb-team
     Type:  defect                    |         Status:  reopened
 Priority:  Low                       |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Minor                     |     Resolution:
 Keywords:  tbb-fingerprinting        |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by cypherpunks):

 Is there any evidence of such fingerprinting or a known way that js can be
 used to detect the status of the scrollbar? I am 99% certain without
 javascript it is impossible. Unless there is anything here beyond mouse
 tracking with javascript, which already has a ticket, shouldn't there be
 some evidence brought forward?

 I know this really should be in another ticket, but I don't like adding
 duplicate or unnecessary ones (there are enough already) - does anyone
 know if ClientRects fingerprinting has been examined in TorBrowser?
 https://browserleaks.com/rects .

 Imho though, if you let the tens of thousands of lines of js code (e.g.
 https://www.youtube.com/yts/jsbin/www-en_US-vflBNfd5x/base.js)
 (https://www.youtube.com/yts/jsbin/player-vfle90bgw/en_US/base.js) that
 most mainstream sites include run, as I said, it is practically impossible
 to stop some form of fingerprinting. The only way this will improve is if
 more real-world analysis of javascript tracking is done - examining which
 APIs are used, to RE obfuscated code.

 Either the DOM/ECMAScript are changed fundamentally and browser developers
 stop adding new unnecessary APIs every other day, emphasize
 security/privacy, document preferences properly, encourage control and
 encourage web developers to follow the principles of progressive
 enhancement.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22632#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online