[tor-commits] [tor-browser-spec/master] Mention OS type fingerprinting in the fingerprinting section.

mikeperry at torproject.org mikeperry at torproject.org
Sat Nov 1 05:51:38 UTC 2014 

commit 73b45c0680c865bae64936f0bd41c3757bdf7d2f
Author: Mike Perry <mikeperry-git at torproject.org>
Date:   Fri Oct 31 22:51:21 2014 -0700

    Mention OS type fingerprinting in the fingerprinting section.
---
 design-doc/design.xml |   34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/design-doc/design.xml b/design-doc/design.xml
index b8c67d9..9ff1b89 100644
--- a/design-doc/design.xml
+++ b/design-doc/design.xml
@@ -1902,6 +1902,40 @@ fingerprinting: timestamp quantization and jitter.
 We have no implementation as of yet.
      </para>
     </listitem>
+    <listitem>Operating System type fingerprinting
+     <para>
+
+As we mentioned in the introduction of this section, OS type fingerprinting is
+currently considered a lower priority, due simply to the numerous ways that
+characteristics of the Operating System type may leak into content, and the
+comparatively low contribution of OS to overall entropy. In particular, there
+are likely to be many ways to measure the differences in widget size,
+scrollbar size, and other rendered details on a page. Also, directly exported
+OS routines, such as the Math library, expose differences in their
+implementations due to these results.
+
+
+     </para>
+     <para><command>Design Goal:</command>
+
+We intend to reduce or eliminate OS type fingerprinting to the best extent
+possible, but recognize that the effort for reward on this item is not as high
+as other areas. The entropy on the current OS distribution is somewhere around
+2 bits, which is much lower than other vectors which can also be used to
+fingerprint configuration and user-specific information.
+
+     </para>
+     <para><command>Implementation Status:</command>
+
+We have no defenses deployed that address OS type fingerprinting, but nothing
+else. Several defenses may help also mitigate it, in addition to reducing a
+lot more entropy elsewhere. You can see the major areas of OS fingerprinting
+we're aware of using the tag <ulink
+url="https://trac.torproject.org/projects/tor/query?keywords=~tbb-fingerprinting-os">tbb-fingerprinting-os
+on our bugtracker</ulink>.
+
+     </para>
+    </listitem>
    </orderedlist>
    </sect3>
    <para>

More information about the tor-commits mailing list