Canvas Fingerprinting: fonts
As I know, TBB blocks ctx.getImageData. But I think it is not enough. Look at this. https://web.archive.org/web/20141016035848/https://gist.github.com/KOLANICH/00b9145743d841cff4d7 I tried this, the fingerprint survives restart of TBB. I don't know, wheither this fingerprint can be used to identify user's OS (at least it can be used to identify fonts) and hardware, but it is differen than the one generated with the browser in the OS.
Activity
Thanks for making a demo. I think the measureText method was already noticed and fixed in #13021 (moved). There is a similar demo at measureTextFP.html:ticket:13021.
Also see #13313 (moved), which should reduce fingerprintability of fonts in general. There is a test bundle in comment:1:ticket:13313 (but only for GNU/Linux so far); you could see if you get a consistent fingerprint with it on different hosts.
There are several things going on here. The fingerprinter.html page uses page reload / iteration and a cookie to defeat TBB's max_font preferences. It also uses canvas measureText() to generate its fingerprints, which has the advantage that it returns a floating point value for width. This may be better than using something like offsetWidth of a (which as far as we can tell only provides integer width values), but we were able to get similar fingerprinting results without a canvas.
We could change canvas measureText() to return a rounded number or disable it entirely, but it may not be worth it. A real solution will require fixing #13313 (moved) or another approach.
Replying to mcs: ...
We could change canvas measureText() to return a rounded number or disable it entirely, but it may not be worth it. A real solution will require fixing #13313 (moved) or another approach.
Wouldn't it make sense to put the
measureText()behind the canvas dialog until we get the bundled fonts ready? I thought this was the idea in #13021 and I assume #13313 (moved) may take some time, though, dcf may have a better estimate.-
Replying to gacar:
Wouldn't it make sense to put the
measureText()behind the canvas dialog until we get the bundled fonts ready? I thought this was the idea in #13021 and I assume #13313 (moved) may take some time, though, dcf may have a better estimate.The reason I am not convinced that it is worthwhile to put measureText() behind the canvas prompt is that Kathy Brade and I were able to get similar fingerprinting results without using canvas at all (by getting the width of DOM elements like that contain text). We would be blocking one fingerprinting vector while leaving an (arguably) even easier one open.
http://fiddle.jshell.net/fyw4qmdg/5/show/ (editable version is http://jsfiddle.net/fyw4qmdg/5/) is a fiddle of that PoC (published by KOLANICH at http://geektimes.ru/post/244484/)
Trac:
Keywords: N/A deleted, tbb-fingerprinting addedSee also #14310 (moved)
This is something that will make for a useful testcase for TBB, but it is not a new fingerprinting vector in and of itself. As for solutions, I think my favorite is #13313 (moved).
Trac:
Keywords: tbb-fingerprinting deleted, tbb-testcase addedI have improved the article and translated it into English. https://github.com/KOLANICH/Article-2015-Dull-captaincy-or-the-way-Tor-Project-fights-browser-fingerprinting https://www.sharelatex.com/github/repos/KOLANICH/Article-2015-Dull-captaincy-or-the-way-Tor-Project-fights-browser-fingerprinting/builds/44e474be624ca3bb65d1b1fbeb95abd1de8c5d13/raw/output.pdf
Replying to cypherpunks:
I have improved the article and translated it into English. https://github.com/KOLANICH/Article-2015-Dull-captaincy-or-the-way-Tor-Project-fights-browser-fingerprinting https://www.sharelatex.com/github/repos/KOLANICH/Article-2015-Dull-captaincy-or-the-way-Tor-Project-fights-browser-fingerprinting/builds/44e474be624ca3bb65d1b1fbeb95abd1de8c5d13/raw/output.pdf
Hi cypherpunks, can you try your technique against the bundles in comment:1:ticket:13313? They are only for GNU/Linux at this point. https://people.torproject.org/~dcf/pt-bundle/4.0-alpha-3-fonts-1/
Could you test your canvas technique against 5.5a1? https://blog.torproject.org/blog/tor-browser-55a1-released. It uses standardized fonts that should defend against this fingerprinting vector.
Trac:
Status: new to needs_informationThere's at least one vendor who uses measureText for font probing/fingerprinting. http://mathid.mathtag.com/device/id.js
So it'd be great to round its result, or ask for permission.
Hi cypherpunks My nickname is KOLANICH, the account is not mine, but the shared one. Please, use the issues of the repo (https://github.com/KOLANICH/Article-2015-Dull-captaincy-or-the-way-Tor-Project-fights-browser-fingerprinting/issues), because I dont visit this bug tracker often. Also, you can test yourselves, just clone (or download) the repo and open fingerprinter.html. PRs are also welcome.
your technique The technique is not mine, I've only found a flaw in the defence and modified the technique from the paper [MS12].
can you try your technique against the bundles 4.0 against 5.5a1? https://blog.torproject.org/blog/tor-browser-55a1-released. It uses standardized fonts that should defend against this fingerprinting vector. Tested aganst 5.5a1.
Doesn't defend.
Replying to cypherpunks:
Doesn't defend.
Different cypherpunks here. All of these are down. Does anyone have a backup, or a link to an alternate repo?
Trac:
Reviewer: N/A to N/ATrac:
Description: As I know, TBB blocks ctx.getImageData. But I think it is not enough. Look at this. https://gist.github.com/KOLANICH/00b9145743d841cff4d7 I tried this, the fingerprint survives restart of TBB. I don't know, wheither this fingerprint can be used to identify user's OS (at least it can be used to identify fonts) and hardware, but it is differen than the one generated with the browser in the OS.to
As I know, TBB blocks ctx.getImageData. But I think it is not enough. Look at this. https://web.archive.org/web/20141016035848/https://gist.github.com/KOLANICH/00b9145743d841cff4d7 I tried this, the fingerprint survives restart of TBB. I don't know, wheither this fingerprint can be used to identify user's OS (at least it can be used to identify fonts) and hardware, but it is differen than the one generated with the browser in the OS.
