Opened 6 years ago

Closed 6 years ago

#13636 closed defect (duplicate)

Screen size leaking fingerprinting information

Reported by: KarelBilek Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

As visible in here

https://panopticlick.eff.org/

TBB is leaking information about me via screen size. Screen size is leaked only with JS enabled; however, it uniquely fingerprints me. (When I resize the window the screen size info is changed.)

It essentially defeats the purpose of using Tor, since it fingerprints me uniquely.

I am not sure what to do with it, since it probably is needed for JavaScript to work. One thing that would be possible is to force only certain window sizes for everybody across operating systems.

Child Tickets

Change History (12)

comment:1 Changed 6 years ago by KarelBilek

I see that it's already here

#13025

comment:2 Changed 6 years ago by KarelBilek

(my current solution is to turn off the javascript altogether until this is solved)

comment:3 Changed 6 years ago by KarelBilek

Screen size is evidently "faked" from window size, as mentioned in #13025

comment:4 Changed 6 years ago by KarelBilek

Component: - Select a componentTor Browser
Owner: set to tbb-team

comment:5 Changed 6 years ago by KarelBilek

Oh. It seems like it's a copy of this 3 year old bug

#4810

that nobody seems to be fixing..... all right then

comment:6 Changed 6 years ago by KarelBilek

It seems like the best solution is *not resize the Tor window* after it starts (since it automatically uses factors of 100).

I wish someone told me that before. It *should* be in some FAQ at least; the first thing I do all the time is resizing the browser window. I will not do that from now on.

comment:7 Changed 6 years ago by gacar

Resizing your Tor Browser windows is safe, unless you resize it to the same dimensions every time (e.g. maximizing). Although the Panopticlick reports that your screen dimensions are unique, this cannot be used to recognize your browser, unless it exhibits the same dimensions on every session.

comment:8 in reply to:  7 Changed 6 years ago by KarelBilek

Well, what I do is maximizing.

But because I have several panels on the left and on the top, the window gets always resized to a non-standard size, but the same size every time with every session.

As I said, I did not realize before that it could be a problem, and it seems to me as an information leak, but I will not maximize the window again.

comment:9 Changed 6 years ago by KarelBilek

It should be, in my opinion, at least mentioned somewhere as a possible leak. (Something like Do not maximize your Tor window, or it's possible to link two different Tor sessions.)

Normally, you don't expect maximizing to leak information.

Last edited 6 years ago by KarelBilek (previous) (diff)

comment:10 in reply to:  9 Changed 6 years ago by gacar

Replying to KarelBilek:

It should be, in my opinion, at least mentioned somewhere as a possible leak. (Something like Do not maximize your Tor window, or it's possible to link two different Tor sessions.)

You're right, but #7255 already tracks this. Is your case different than that?

comment:11 Changed 6 years ago by KarelBilek

A, I did not find that issue. Thanks for pointing it out, I will close this then.

comment:12 Changed 6 years ago by KarelBilek

Resolution: duplicate
Status: newclosed
Note: See TracTickets for help on using tickets.