[tor-talk] Tor browser can be fingerprinted

Asa Rossoff asa at lovetour.info
Thu Sep 12 23:31:40 UTC 2013


From Marthin Miller, Thursday, September 12, 2013 10:58 UTC:
> window size is really unique, especially in resized virtual machines. lots of people
> don't know about this window size problem! let's assign a uniform size to the Tor
> browser window which pops up automatically after connecting to network and warn
> users about how unique screen size can be when they click on maximize button...
> because even if we use Tor browser carefully but other Tor users make mistakes,
> still we're unique as others don't have my screen size...
> (default screen size is 1000x674 hmm?)

One idea I have is to support only two pixel resolutions, but allow the
window to be resized.  Use the pixel resolution that is at or higher than
the current window size, and use the full-page scaling feature.

I don't have the stats (widely available) on normal screen resolutions, or
more importantly perhaps (unless both figures are available by script or
some other means), the available display area, which we could determine the
likely such display areas for Firefox browsers and limit to that.  And even
allow sidebars, toolbars, etc., but always report one of the two screen and
display areas.

For screen sizes, as I recall:
800x600 is almost unused now
1024x768 is also not most common anymore
1280x720 or 1280x960 may be most common by a fair bit??

Typical users have displays ranging from 1024x768 to 1920x1080 or 1920x1200
(with some users having even higher resolutions such as ~2560xN). 16:9
displays have been the most common on new laptops for several years, with 16:10
being most common before that and possibly most common for desktops still...
4:3 is used in only a minority of laptops, and I suspect laptop use
surpasses desktop use.  In any case, the current estimates are widely
available, as logged by a couple of major sites, and surely some minor sites
as well.

My thought is to have it appear that all Tor users have either:
(A) the most common resolution display/display area (resize the window to
maintain proportion when toolbars/sidebars/menus modified or user resizes
the window), or;
(B) a common wide-screen high resolution display, e.g. 1920x1080 (choice to
be made after considering popularity statistics and balancing with usability
for actual Tor high-res users).

With both options, enforce fixed to one of the two display area proportions
(nearest) and virtual resolutions (>= actual).  Full-page scale
automatically to actual resolution.  Allow user to scale page by normal
means from there if they wish, unless that would expose the user in some
way.

Handle full-screen mode similarly, but if the user's display aspect ratio is
different than one of the two supported ones, part of the display should be
unusable and resolution unnoticeable to websites or scripts.  (e.g. 16:9
"full screen" on a 16:10 display will have black top and bottom bars that
cannot be measured or used by websites).  In full-screen mode it is
acceptable to support the full emulated display resolution.

Asa
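
The two-resolution scheme proposed in this message, sketched as an added example that is not part of the original post and is not Tor Browser code. The 1280x720 value for (A) is an assumption (the message leaves that choice to popularity statistics), 1920x1080 is the message's own example for (B), and the function names are hypothetical.

```javascript
// Added illustration. Bucket (A) is an assumed value; (B) is the
// message's example. Neither is a Tor Browser setting.
const BUCKETS = [
  { name: "A", width: 1280, height: 720 },
  { name: "B", width: 1920, height: 1080 },
];

// Pick the smallest virtual resolution that is >= the real content area in
// both dimensions; if the real area exceeds both, fall back to the largest.
function pickBucket(actualW, actualH) {
  const fit = BUCKETS.find(b => b.width >= actualW && b.height >= actualH);
  return fit || BUCKETS[BUCKETS.length - 1];
}

// Compute what scripts would be told (the bucket) and how the page is drawn:
// the largest rectangle of the bucket's proportions inside the real area.
// Whatever is left over becomes bars that page content cannot reach.
function virtualViewport(actualW, actualH) {
  if (!(actualW > 0 && actualH > 0)) throw new RangeError("size must be positive");
  const b = pickBucket(actualW, actualH);
  // Integer cross-multiplication avoids floating-point drift in the floor().
  const widthLimited = actualW * b.height <= actualH * b.width;
  const drawnW = widthLimited ? actualW : Math.floor(actualH * b.width / b.height);
  const drawnH = widthLimited ? Math.floor(actualW * b.height / b.width) : actualH;
  return {
    reported: { width: b.width, height: b.height },
    scale: drawnW / b.width,               // full-page zoom factor
    drawn: { width: drawnW, height: drawnH },
    unused: { width: actualW - drawnW, height: actualH - drawnH },
  };
}

// Constructed sample sizes: the quoted 1000x674 default, an arbitrarily
// resized VM window, and full screen on a 16:10 display.
for (const [w, h] of [[1000, 674], [1137, 803], [1920, 1200]]) {
  const v = virtualViewport(w, h);
  console.log(`${w}x${h} -> reports ${v.reported.width}x${v.reported.height}, ` +
    `zoom ${v.scale.toFixed(3)}, unused ${v.unused.width}x${v.unused.height}`);
}
```

All three real sizes collapse to one of two reported values; the only per-user quantity left is the zoom factor, which has to stay unobservable to scripts for the scheme to hold.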
