#27580 closed defect (duplicate)

Tor Browser 8.0 lacks fingerprint hiding feature

Reported by: aka Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Critical Keywords: fingerprint, browser, original, notsecure
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I recently surfed to https://panopticlick.eff.org/ and looked out for my Tor Browser Bundle fingerprint.

I'm using TBB on my 64-bit Linux machine, so the result was Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 instead of some kind of "faked" fingerprint that shows that my machine would be a Microsoft Windows computer.

I ran the same test in the previous version of TBB that I had before the update procedure gave me the 8.0 version, I didn't had the bug that my original browser fingerprint was leaked to the server I was connecting to.

I downloaded TBB 8.0 also as a fresh instance from torproject.org with the same result.

This breaks anonymity because a web server knows your real system & architecture. I don't know if this is only the case for the Linux variant of the browser because I don't have access to Mac OS or Windows machines right now. I furthermore only tested the 64 bit variant.

I hope that this is not one of the new "features" that were included in version 8.0 ...

Child Tickets

Change History (2)

comment:1 Changed 13 months ago by cypherpunks3

See #26146, this is a known change in Firefox 59 and higher.

comment:2 Changed 13 months ago by gk

Resolution: duplicate
Status: newclosed

Duping this over.

Note: See TracTickets for help on using tickets.