[tor-bugs] #29745 [Applications/Tor Browser]: Exposed chrome:// resources allow browser version and OS detection [Bug 1534581]

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jun 11 13:42:07 UTC 2019


#29745: Exposed chrome:// resources allow browser version and OS detection [Bug
1534581]
--------------------------------------+--------------------------
 Reporter:  flngerprlnt               |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-fingerprinting        |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by Thorin):

 Not sure if it's worthwhile opening a new ticket, but the default
 proportional font (serif or sans-serif) is (semi-)detectable and it seems
 as if `zh-TW` is the only one to return `sans-serif`.

 Is this something that was missed? For example, the default proportional
 font in `ja` and `he` is sans-serif, but the PoC returns `serif`.


 {{{
 window.getComputedStyle(document.body,null).getPropertyValue("font-family")
 }}}

 [1] PoC:
 https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#fonts

 On the plus side: all 30 packs return sizes `16` (proportional) and `13`
 (monospace) regardless of the settings in Language & Appearance > Advanced

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29745#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

