[tor-bugs] #32861 [Applications/Tor Browser]: "Fingerprint.js PRO" successfully fingerprints Tor Browser
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Dec 30 22:44:37 UTC 2019
#32861: "Fingerprint.js PRO" successfully fingerprints Tor Browser
-------------------------------------+-------------------------------------
Reporter: printerman22 | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Component: Applications/Tor
| Browser
Version: | Severity: Normal
Keywords: fingperint, | Actual Points:
fingerpriting |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------+-------------------------------------
Not affiliated with the site. Demo: https://fingerprintjs.com/demo.
When using Tor Browser 68.3.0esr on macOS Catalina, this site is capable
of successfully fingerprinting me across multiple visits with a different
identity each time.
Steps to reproduce:
1. Visit https://fingerprintjs.com/demo in the Tor Browser.
2. Click the "New Identity" button.
3. Wait a little bit to avoid timing correlation.
4. Revisit the website.
Screenshot of the fingerprinting: https://i.ibb.co/SvWsP4K/image.png.
A potential solution is taking some features from the "Trace" Firefox add-
on (not affiliated): https://addons.mozilla.org/en-US/firefox/addon
/absolutedouble-trace/. It prevented Fingerprint.js from successfully
fingerprinting anything. Every time I created a "New Identity" in the Tor
Browser and visited the website, it gave me a new identifier, with no
record of my past visits.
When using the Firefox add-on "Canvas Blocker", Fingerprint.js was still
capable of identifying me across identities.
Here are the Trace features I have enabled:
https://i.ibb.co/BPCbWCk/image.png.
Here are the advanced Trace features I have enabled:
https://i.ibb.co/8bmNYxL/image.png.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32861>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list