[tor-bugs] #32192 [Applications/Tor Browser]: Provide input or mitigate W3C Proposal for css-mediaqueries

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 22 14:10:56 UTC 2019


#32192: Provide input or mitigate W3C Proposal for css-mediaqueries
--------------------------------+------------------------------------------
 Reporter:  cypherpunks         |          Owner:  tbb-team
     Type:  task                |         Status:  new
 Priority:  Medium              |      Component:  Applications/Tor Browser
  Version:                      |       Severity:  Major
 Keywords:  tbb-fingerprinting  |  Actual Points:
Parent ID:                      |         Points:
 Reviewer:                      |        Sponsor:
--------------------------------+------------------------------------------
 TBB Team may want to be proactive on an upcoming W3C Proposal for css-
 mediaqueries as it is already at Level 5 consideration.

 Changes include:

 * New HTTP Header (Fingerprinting Risk) - https://github.com/w3c/csswg-
 drafts/issues/4162

 * System-wide dark mode setting to automatically toggle based on location-
 dependent data.  https://github.com/w3c/csswg-drafts/issues/4404


 > "If implemented naively without taking privacy into account, such a
 feature combined with prefers-color-scheme could potentially reveal the
 user's longitude to all websites with a remarkable degree of precision.
 (Multiple readings over the course of a year might also be able to
 determine latitude to some extent.)"

 Overall this seems like a very bad spec as currently written, and could
 just as easily be done with current JS rather than forcing time-based
 tracking into headers and CSS code in all major useragents.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32192>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list