[tor-bugs] #29566 [Applications/Tor Browser]: math.cos reveals OS

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 16 08:26:26 UTC 2019


#29566: math.cos reveals OS
--------------------------------------+---------------------------
 Reporter:  Thorin                    |          Owner:  tbb-team
     Type:  defect                    |         Status:  closed
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:  duplicate
 Keywords:  tbb-fingerprinting-os     |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+---------------------------

Comment (by Thorin):

 This is interesting: https://bugzilla.mozilla.org/show_bug.cgi?id=1380031
 (FF68+)

 Actual results:
 `2.718281828459045`, `2.7182818284590455`, `false`
 Expected results:
 `2.718281828459045`, `2.718281828459045`, `true`

 Note the extra decimal place. Now look at what I've been using for
 exmp1(1)

 windows/mac/android
 `1.7182818284590455`
 linux TB32bit, 64bit, Firefox 32bit linux:
 `1.718281828459045`

 Note the extra decimal place **and** the exact same decimal data.

 So I wonder if what they did changes all the FP'ing that leaks 64/32
 builds and 64/32 OS architecture.

 Will have a play on 68 later. This doesn't affect any of the ECMAScript
 1st Edition FP'ing, but may neutralize the 6th Edition ones (I found only
 three equations that varied, the one above was one of them) - and both
 editions were required to get the extra entropy.

 Will advise - watch this space

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29566#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list