Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#18046 closed defect (duplicate)

how to protect anonymity of users using menu / bookmarks bars?

Reported by: zorlaguzellikolmaz Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-fingerprinting-resolution
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I am concerned that users adding a menu bar or a bookmarks bar to their tor browser may be reporting smaller and trackable window heights to websites. I am not sure if this is the case, but I suspect so.

I'd make the case that reporting a set window size to websites regardless of what the actual Tor window is is the safest option. An extra button between minimize and maximize could resize the window to the expected size when needed.

Another reason to consider this option is that well-meaning users trying to move the window sometimes wind up resizing it without intent, or in trying to resize it dispell the warning and work in another size window. This is difficult to avoid with trackpads, which are prone to drag-and-drop errors. And then the user must choose between restarting the browser and losing work or potentially not even realise it and continue working in a compromised manner.

Child Tickets

Change History (3)

comment:1 Changed 4 years ago by teor

Component: - Select a componentTor Browser
Owner: set to tbb-team

comment:2 Changed 4 years ago by bugzilla

Keywords: tbb-fingerprinting-resolution added
Resolution: duplicate
Status: newclosed

Closed as a duplicate of #16456.

comment:3 in reply to:  description Changed 4 years ago by gk

Replying to zorlaguzellikolmaz:

I am concerned that users adding a menu bar or a bookmarks bar to their tor browser may be reporting smaller and trackable window heights to websites. I am not sure if this is the case, but I suspect so.

Yes, it is.

I'd make the case that reporting a set window size to websites regardless of what the actual Tor window is is the safest option. An extra button between minimize and maximize could resize the window to the expected size when needed.

I think this is not going to work apart from the fact that basically no user will ever understand this additional button given that this is not how they are trained to use browsers and other applications.

Another reason to consider this option is that well-meaning users trying to move the window sometimes wind up resizing it without intent, or in trying to resize it dispell the warning and work in another size window. This is difficult to avoid with trackpads, which are prone to drag-and-drop errors. And then the user must choose between restarting the browser and losing work or potentially not even realise it and continue working in a compromised manner.

This is a concern, yes. We are working on a solution to this in #14429.

Note: See TracTickets for help on using tickets.