[tor-bugs] #27196 [Applications/Tor bundles/installation]: TB 8a10 and panopticlick: your browser has a unique fingerprint
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Aug 18 10:19:19 UTC 2018
#27196: TB 8a10 and panopticlick: your browser has a unique fingerprint
-------------------------------------------------+-------------------------
Reporter: traumschule | Owner: erinn
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor | Version:
bundles/installation |
Severity: Normal | Resolution:
Keywords: ff60-esr, tbb-usability tbb- | Actual Points:
security, tbb-performance |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by ProTipGuyFWIWWeLoveARMA):
Replying to [ticket:27196 traumschule]:
> = Trackers
> As discussed before (#12958),
[https://trac.torproject.org/projects/tor/wiki/org/teams/CommunityTeam/Support_discuss
#CanIinstallanewadd-onorextensioninTorBrowserlikeAdBlockPlusoruBlockOrigin
blocking content allows fingerprinting], instead
[[comment:4:ticket:12958|you suggest]] "an identical blocklist for every
user. For example, AdBlock Plus with a fixed set of filters." Do you have
plans to do this? (I am aware of your answers for
[[comment:1:ticket:15279|uMatrix]] and [[comment:54:ticket:17569|ublock
origin]] and spare you to repost everything :)
> (mentioning [https://riseup.net/en/security/network-security/better-web-
browsing Riseup's recommendations] + requestblock for a balanced
perspective, because I do not follow the conclusion that external requests
should be accepted just not to be finger-printable. For me personally it's
worse, when trackers know that I visited a site.)
Trackers won't know who the "I" is so it's at worst harmless. The
arguments for a tracker blocker including one are mainly - as I see it -
about performance. Also Arthur voiced support for such a proposal. There's
also another proposal for adding Decentraleyes which (doesn't block
trackers) provides JS libraries locally instead and blocks resolving them
through a CDN: #22089, it sounds good and doesn't suffer the problems with
a tracker blocker but has not received any response so far from tb-devs.
> #14924 sounds reasonable.
Yes.
> = EFF/Panopticlick
> wants me to install privacybadger (not voting for it here, because of
#12958)
> Is your browser blocking tracking ads? ⚠ partial protection
> Is your browser blocking invisible trackers? ⚠ partial protection
> Does your blocker stop trackers that are included in the so-called
“acceptable ads” whitelist? ✗ no
> Does your browser unblock 3rd parties that promise to honor Do Not
Track? ✗ no
> Does your browser protect from fingerprinting? ✗
> your browser has a unique fingerprint
> https://share.riseup.net/#3RwdPLNSuFFZcK9MA_6l8g
What is going on with your browser window size? It doesn't appear to be
normal. You can test as well here: https://fpcentral.tbb.torproject.org/fp
Because that's the only thing that leaks much entropy in your side (here's
hoping tbb devs will actually fix the user agent as well to not leak OS
for most sites and most trackers).
> I consider the defaults dangerous ([[comment:3:ticket:25451|window
size]]). Why not setting the security slider to "Safest" per default?
Captain Mike has a nice breakdown explanation:
https://lists.torproject.org/pipermail/tor-talk/2012-May/024227.html
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27196#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list