[tor-bugs] #27196 [Applications/Tor bundles/installation]: TB 8a10 and panopticlick: your browser has a unique fingerprint

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Aug 18 03:32:30 UTC 2018 

#27196: TB 8a10 and panopticlick: your browser has a unique fingerprint
-------------------------------------+-------------------------------------
     Reporter:  traumschule          |      Owner:  erinn
         Type:  defect               |     Status:  new
     Priority:  Medium               |  Milestone:
    Component:  Applications/Tor     |    Version:
  bundles/installation               |   Keywords:  ff60-esr, tbb-usability
     Severity:  Normal               |  tbb-security, tbb-performance
Actual Points:                       |  Parent ID:
       Points:                       |   Reviewer:
      Sponsor:                       |
-------------------------------------+-------------------------------------
 The bundle works fine, thanks for your great work!

 I am surprised by the new yellow blinking triangle over the onion settings
 button. What does it mean? (The tooltip only says "Tor Enabled")

 = Update NoScript to 10.1.8.16
 In NoScript preferences the list of per-site definitions was empty, I
 added a site and clicked on reset: a lot of whitelisted domains appeared
 (#26517).

 = Trackers
 As discussed before (#12958),
 [https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/Support_discuss
 #CanIinstallanewadd-onorextensioninTorBrowserlikeAdBlockPlusoruBlockOrigin
 blocking content allows fingerprinting], instead
 [[comment:4:ticket:12958|you suggest]] "an identical blocklist for every
 user. For example, AdBlock Plus with a fixed set of filters." Do you have
 plans to do this? (I am aware of your answers for
 [[comment:1:ticket:15279|uMatrix]] and [[comment:54:ticket:17569|ublock
 origin]] and spare you to repost everything :)
 (mentioning [https://riseup.net/en/security/network-security/better-web-
 browsing Riseup's recommendations] + requestblock for a balanced
 perspective, because I do not follow the conclusion that external requests
 should be accepted just not to be finger-printable. For me personally it's
 worse, when trackers know that I visited a site.)

 #14924 sounds reasonable.

 = EFF/Panopticlick
 wants me to install privacybadger (not voting for it here, because of
 #12958)
 Is your browser blocking tracking ads?  ⚠ partial protection
 Is your browser blocking invisible trackers?    ⚠ partial protection
 Does your blocker stop trackers that are included in the so-called
 “acceptable ads” whitelist?  ✗ no
 Does your browser unblock 3rd parties that promise to honor Do Not Track?
 ✗ no
 Does your browser protect from fingerprinting?  ✗
 your browser has a unique fingerprint
 https://share.riseup.net/#3RwdPLNSuFFZcK9MA_6l8g

 I consider the defaults dangerous ([[comment:3:ticket:25451|window
 size]]). Why not setting the security slider to "Safest" per default?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27196>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list