Opened 10 years ago

Closed 4 years ago

#1382 closed defect (not a bug)

Resize to a multiple of 50px can't be turned off and seems to make browser fingerprinting possible

Reported by: anonymous Owned by:
Priority: Very Low Milestone: Torbutton: 1.2.5
Component: Applications/Torbutton Version: Torbutton: 1.2.5
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

http://panopticlick.eff.org/ gives a quick overview over information that can be used to identify your browser pretty easy if some of your settings are quite unique. Unfortunately, the only thing that makes my browser unique seems to be the window size.
With tor deactivated it says "one of 27" browsers has the resolution 1920x1200x24, which is my native resolution, with tor it says that the resolution 1900x1000x24 is unique. When I turn off the resizing feature in the settings, I still have this weird resolution that seems to do what it's supposed to avoid, namely weaken anonymity.

I don't know if the fact that the resolution 1900x1000x24 shall be unique is a flaw of the Panopticlick calculations, but at least it seems to be a bug that I can't disable the resizing although turning it off in the options. And I don't get the sense of rounding a native screen resolution.

Child Tickets

Change History (3)

comment:1 Changed 10 years ago by erinn

Component: Tor-TorbuttonTorbutton-Backend / Core

comment:2 Changed 10 years ago by mikeperry

Priority: majortrivial

See https://blog.torproject.org/blog/effs-panopticlick-and-torbutton. This is not a bug, but I will leave this bug open with a really low priority to prevent the inevitable endless barrage of dups.

See also #1282, which is a feature request to handle this slightly differently. We may end up just wanting to give in and report a common desktop resolution like I say in that bug. Too many people see EFFs page and get confused. We probably should just splinter the anonymity sets slightly.

comment:3 Changed 4 years ago by bugzilla

Keywords: 50px resize browser fingerprinting removed
Resolution: not a bug
Severity: Normal
Status: newclosed
Note: See TracTickets for help on using tickets.