Opened 5 years ago

Closed 5 years ago

#13874 closed task (fixed)

Investigate possible DPI spoofing bypass

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords: tbb-fingerprinting
Cc: isis Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

OxPoly on twitter claims being able to get the actual DPI of a device while the user is running Tor Browser. The PoC is:

var devicePixelRatio = window.devicePixelRatio || 1;
dpi_x = document.getElementById('testdiv').offsetWidth * devicePixelRatio;
dpi_y = document.getElementById('testdiv').offsetHeight * devicePixelRatio;

alert(dpi_x);

We should verify and if it is indeed an issue fix that.

Child Tickets

Change History (2)

comment:1 Changed 5 years ago by isis

The zoom level can be inferred, see #13875.

comment:2 Changed 5 years ago by isis

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.