[tor-bugs] #31512 [Applications/Tor Browser]: Fingerprinting of Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 18 10:49:09 UTC 2019 

#31512: Fingerprinting of Tor Browser
--------------------------------------+--------------------------
 Reporter:  thelamper                 |          Owner:  tbb-team
     Type:  enhancement               |         Status:  closed
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Major                     |     Resolution:  invalid
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by Thorin):

 Not sure on brax.me not providing a static fingerprint for you. Does it
 ever change back to a previous fingerprint? Did it only change between
 releases?

 Examples: toggling the toolbar on/off: anything that changes chrome will
 affect the FP (until letterboxing kicks in). In the case of the toolbar,
 if enabled, this even affects new windows: you will find there is a glitch
 since FF57 (Quantum) where the height is always short by `x` pixels
 depending on the OS (but consistent `x` pixels per OS). And toolbar
 density also affects this. So it could be you had the toolbar showing some
 times, and others, not. Or maybe the browser window had been inadvertently
 resized <-- I suspect this

 Long story short, the fingerprintjs2 techniques are all covered, and if
 their "unique fingerprint" isn't very stable, then they're not doing a
 very good job at it :) But I don't suspect that's the case: TB doesn't
 (yet) use randomizing.

 At the end of the day: there's **nothing** here that isn't known about and
 covered. Paste `view-source:https://brax.me/geo/fingerprint2.js` into the
 urlbar, scroll almost to the end (very end and page up twice) and look at
 the `var components` list

 Maybe keep a record of the FP hashes: and check your inner window res at
 the same time

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31512#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list