Opened 4 years ago

Closed 4 years ago

#16760 closed defect (worksforme)

TBB leaking window size with CSS only

Reported by: cypherpunks Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

You can determine a user's window size with CSS only. See https://arthuredelstein.github.io/tordemos/media-query-fingerprint.html for a live demo. I just tested in Tor Browser and it can still show me my window size with security slider on high and all scripts disabled.

I know Tor probably knows about this given the github url but is there an existing ticket already or implementation taking place? I cannot find it.

Child Tickets

Change History (1)

comment:1 in reply to:  description Changed 4 years ago by gk

Resolution: worksforme
Status: newclosed

Replying to cypherpunks:

You can determine a user's window size with CSS only. See https://arthuredelstein.github.io/tordemos/media-query-fingerprint.html for a live demo. I just tested in Tor Browser and it can still show me my window size with security slider on high and all scripts disabled.

Works for me. The test shows a window size rounded to multiples of 200 or 100 as it should. My guess is that you resized your window and then did the test. This case is not handled yet. See: #14429 for work-in-progress in this area.

Note: See TracTickets for help on using tickets.