Opened 4 months ago

Closed 4 months ago

#25451 closed defect (duplicate)

Tor window size leaks information

Reported by: cypherpunks
Owned by: tbb-team
Priority: Medium
Component: Applications/Tor Browser
Severity: Normal

Description

Tor's default browser size is too small and resizing can leak information, because resizing to a common internal window size is difficult. The window size quantizing that Tor Browser does/used to do (I can't get it to work in this latest version, 7.0.7) was never very good anyway, and typically resulted in fairly unique fingerprints as per EFF Panopticlick.

A workaround is to somehow get the internal window size (the size of the content window, sans toolbars etc.), and make it a common monitor resolution by resizing the window to that size + the size of the toolbars. For example I have been using:

until xdotool search --name "About Tor - Tor Browser" windowsize 1920 1183 ; do
  sleep 0.5;
done

on Tor Browser startup, which gives me an internal window size of 1920x1080, which Panopticlick says has only 2.44 bits of identifying information (1/5 browsers share this value, supposedly).

However, this is fragile, and minuscule changes to font rendering settings that change font sizes by so much as a pixel can completely throw this off and result in an extremely unique browser fingerprint.

I can think of a few ways this might be solved, some of which may work in combination with each other:

  • Have a setting in Tor Browser for a fixed content window size, which will resize the whole window to fit
  • Have some kind of prompt for the user to choose between common browser content window sizes (is there information anywhere on which sizes are the most common?)
  • Default to the largest common browser window size, and on resize snap the window size to other common browser content window resolutions

Most of these involve knowing ahead of time which browser content window sizes are common however, which I couldn't find online.
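An added illustration (not code from the ticket or from Tor Browser) of the third bullet: snapping a measured content-window size down to the largest common size that fits, with the toolbar height measured from outerHeight minus innerHeight rather than hard-coded as in the xdotool loop. The size list is the one from comment:1, used here as content-size buckets by assumption; the sample window values are constructed.

```javascript
// Common sizes from comment:1 (monitor resolutions, assumed usable as
// content-window buckets for this illustration).
const COMMON_CONTENT_SIZES = [
  [1920, 1080], [1600, 900], [1440, 900],
  [1366, 768], [1280, 1024], [1280, 800],
];

// Largest common size (by area) that fits inside the current content area.
// Returns null when the window is smaller than every common size.
function snapToCommonSize(innerWidth, innerHeight, sizes = COMMON_CONTENT_SIZES) {
  let best = null;
  for (const [w, h] of sizes) {
    if (w <= innerWidth && h <= innerHeight) {
      if (best === null || w * h > best[0] * best[1]) best = [w, h];
    }
  }
  return best;
}

// Toolbar/chrome size measured from a window-like object. In a real page this
// is window.outerWidth/outerHeight minus window.innerWidth/innerHeight; the
// 1183 in the xdotool loop is 1080 plus a chrome height of 103 measured once
// by hand, which is exactly what a 1px font change breaks.
function measureChrome(win) {
  return {
    width: win.outerWidth - win.innerWidth,
    height: win.outerHeight - win.innerHeight,
  };
}

// Outer window size needed so the content area lands on a target inner size.
function outerSizeForInner(targetInner, chrome) {
  return [targetInner[0] + chrome.width, targetInner[1] + chrome.height];
}

// Identifying bits of a value shared by a fraction p of browsers (log2(1/p)),
// the quantity Panopticlick reports.
function surprisalBits(p) {
  return Math.log2(1 / p);
}

// Constructed sample: the reporter's window, then the same window after a
// toolbar grew by one pixel.
const sampleWindow = { outerWidth: 1920, outerHeight: 1183, innerWidth: 1920, innerHeight: 1080 };
const shiftedWindow = { ...sampleWindow, innerHeight: 1079 };
```

With the one-pixel shift, snapToCommonSize still lands on a common size (1600x900) instead of leaving a unique 1920x1079 exposed, which is the property the bullet asks for.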

Change History (3)

comment:1 Changed 4 months ago by cypherpunks

Have some kind of prompt for the user to choose between common browser content window sizes

That would allow easier fingerprinting. It's not just about your results on panopticlick, if there's only one Tor user who regularly visits some evil site foo.com and his browser size is always unique and differs from the TB standard, then he's easily fingerprintable.

Default to the largest common browser window size, and on resize snap the window size to other common browser content window resolutions

Not everyone has 4K monitors, most folks are still on 1366x768, 1920x1080, 1600x900, 1280x1024, 1440x900, 1280x800 https://hardware.metrics.mozilla.com/

Last edited 4 months ago by cypherpunks

comment:2 Changed 4 months ago by cypherpunks

Component: - Select a component → Applications/Tor Browser
Owner: set to tbb-team

comment:3 in reply to: description Changed 4 months ago by gk

Resolution: duplicate
Status: new → closed

Replying to cypherpunks:

Tor's default browser size is too small and resizing can leak information, because resizing to a common internal window size is difficult. The window size quantizing that Tor Browser does/used to do (I can't get it to work in this latest version, 7.0.7) was never very good anyway, and typically resulted in fairly unique fingerprints as per EFF Panopticlick.

You should update your Tor Browser as version 7.0.7 is meanwhile full of serious and known security bugs.

A workaround is to somehow get the internal window size (the size of the content window, sans toolbars etc.), and make it a common monitor resolution by resizing the window to that size + the size of the toolbars. For example I have been using:

until xdotool search --name "About Tor - Tor Browser" windowsize 1920 1183 ; do
  sleep 0.5;
done

on Tor Browser startup, which gives me an internal window size of 1920x1080, which Panopticlick says has only 2.44 bits of identifying information (1/5 browsers share this value, supposedly).

However, this is fragile, and minuscule changes to font rendering settings that change font sizes by so much as a pixel can completely throw this off and result in an extremely unique browser fingerprint.

I can think of a few ways this might be solved, some of which may work in combination with each other:

  • Have a setting in Tor Browser for a fixed content window size, which will resize the whole window to fit

You can already do that by using privacy.window.maxInnerWidth and privacy.window.maxInnerHeight. Not sure how many folks are using them, though. You might stand out quite a bit.

  • Have some kind of prompt for the user to choose between common browser content window sizes (is there information anywhere on which sizes are the most common?)
  • Default to the largest common browser window size, and on resize snap the window size to other common browser content window resolutions

Most of these involve knowing ahead of time which browser content window sizes are common however, which I couldn't find online.

Yes, and that is part of the problem. I still think we should get #14429 working and try if that fits the needs of our users. Marking this one as a duplicate.
