Opened 17 months ago

Last modified 17 months ago

#18500 new task

Investigate impact of fingerprinting via getClientRects()

Reported by: gk Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Major Keywords: tbb-fingerprinting
Cc: mcs Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

http://jcarlosnorte.com/security/2016/03/06/advanced-tor-browser-fingerprinting.html claims that getClientRects() provides a lot of differences between two computers. This is "[d]epending on the resolution, font configuration and lots of other factors".

We should investigate how problematic that method is keeping in mind that we are currently not aiming at hiding the platform a user is on and that we do font normalization and rounding of the content window on start-up and a bunch of other things.

I asked the author of the blog post to explain the differences on the two computers he got, taking the things I mentioned above into account but we got no reply so far.

Child Tickets

Change History (4)

comment:1 Changed 17 months ago by mcs

  • Cc mcs added

comment:2 follow-up: Changed 17 months ago by cypherpunks

we are currently not aiming at hiding the platform a user is on

WTF, are you really aren't? Are you also not aiming at hiding the identity of a user?

Last edited 17 months ago by cypherpunks (previous) (diff)

comment:3 in reply to: ↑ 2 Changed 17 months ago by gk

Replying to cypherpunks:

we are currently not aiming at hiding the platform a user is on

WTF, are you really aren't? Are you also not aiming at hiding the identity of a user?

It is not that it isn't on our radar. If you want to help: https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting-os has bugs to start with.

comment:4 Changed 17 months ago by cypherpunks

Note: See TracTickets for help on using tickets.