Opened 20 months ago

Last modified 20 months ago

#29564 new defect

DOMRect on at least Linux is not consistent

Reported by: Thorin Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-fingerprinting
Cc: mcs Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Test site:

Note: this is the same code as used by [2] which is based on [3]


I expect differences between OS (Windows vs Linux vs macOS etc), but not between platforms (Ubuntu vs Debian). My test suite is not definitive, so there may be others: results


Mint, Ubuntu, openSUSE

not good

Child Tickets

Change History (4)

comment:1 Changed 20 months ago by gk

Keywords: tbb-fingerprinting added; tbb-fingerprinting-os removed
Priority: MediumHigh

comment:3 Changed 20 months ago by gk

Cc: mcs added

Seems this is actually a duplicate of #18500. I guess we dupe the older ticket to this one, though, as we have more info here.

Useful info in the #18500 description is:

​ claims that getClientRects() provides a lot of differences between two computers. This is "[d]epending on the resolution, font configuration and lots of other factors".

comment:4 Changed 20 months ago by flngerprlnt

Not only DOMRect readouts of HTML elements (text transformations, buttons, progress elements, ...) itself are fingerprintable

but DOMRect also makes for example

MathML Fingerprinting (
Emoji Fingerprinting (

more effective.

Note: See TracTickets for help on using tickets.