Opened 4 years ago

Closed 4 years ago

#12715 closed task (not a bug)

Treat fingerprinting fixes like other security fixes: trigger TBB release

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords:
Cc: gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Proposal: Treat anti-fingerprinting bugfixes like any other security bugfix with regards to prioritization and release management.

For instance, when an anti-fingerprinting fix lands in git, whether as a Tor Button update or as a mere Tor Browser default pref change, this should trigger a new Tor Browser Bundle release incorporating the fix, even if no other component needs updating.

Deanonymizing users through fingerprint leaks is becoming a realistic threat as the advertising industry consolidates and transforms itself into a tracking industry offering advertising as a sort of higher layer service. And we should assume that all kinds of other adversaries are already closely watching the tbb-fingerprinting tag.

Child Tickets

Change History (4)

comment:1 Changed 4 years ago by cypherpunks

In a way, fingerprinting bugs are even more urgent than other security bugs: If you're worried as a user about a conventional security bug, you can backport the fix locally and use that until there's an upstream release. Whereas locally backporting an anti-fingerprinting bugfix will, perversely, make you more fingerprintable.

Last edited 4 years ago by cypherpunks (previous) (diff)

comment:2 Changed 4 years ago by gk

Cc: gk added

I am not convinced that every fingerprinting fix should trigger a new release. That might be an idea worth thinking about for high-entropy attributes but not all (or better: not much) fingerprinting attributes are of this kind.

comment:3 Changed 4 years ago by cypherpunks

Fair enough, but it can be labor intensive to find out how much entropy is leaked. For example, does #9881 give you

  • "Only" the screen size?
  • Clues about the OS / desktop environment / window manager (not all allow oversized windows)?
  • The OS / desktop environment toolbar size?

Evaluating a bug's severity would involve writing a custom-tailored, robust to the point of almost being weaponized, fingerprinter. Assuming that TBB development had the manpower to do that, then after even more days spent on that we find out that it really is serious. Oops...

I feel like the question "Does this fingerprinting bug really have high entropy?" is analogous to "Does this use-after-free or whatever really give someone remote code execution?" in that it may usually be more realistic to err on the side of caution, assume "yes", and just start the release build.

Last edited 4 years ago by cypherpunks (previous) (diff)

comment:4 Changed 4 years ago by mikeperry

Keywords: tbb-fingerprinting removed
Resolution: not a bug
Status: newclosed
Note: See TracTickets for help on using tickets.