Opened 10 months ago

Closed 9 months ago

Last modified 8 months ago

#29566 closed defect (duplicate)

math.cos reveals OS

Reported by: Thorin Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-fingerprinting-os
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

part1: background / obsolete code?

I can't find the old ticket, but it's probably relevant- it was about the implementation of higher math functions

see: https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#math
also see: https://fpcentral.tbb.torproject.org/fp

However (unless I made a mistake), I see no difference in these returned values in a vanilla ESR60, or FF60 thru to 66 as compared to Tor Browser. So I am not sure if the old patch is still required, or has even been rebased.

asinh(1) 0.8813735870195429
acosh(1e300) Infinity
atanh(0.5) 0.5493061443340548
expm1(1) 1.7182818284590455
cbrt(100) 4.641588833612778
log1p(10) 2.3978952727983707
sinh(1) 1.1752011936438016
cosh(10) 11013.232920103324
tanh(1) 0.7615941559557649

part2: math.cos Windows: FF vs TB

results: see attachment
test: https://thorin-oakenpants.github.io/testing/ (for as long as I leave it there)

I do not know if that ticket/patch causes this, but there is a difference between TB vs FF for no discernible reason (e.g Linux doesn't differ between FF and TB)

Look at the first result. FF: minus 0.374... vs TB plus 0.840...

part3: math.cos reveals platform

finally, to the meat and potatoes. See attachment. I'm using math.cos because it always returns a value between -1 and 1 (i.e no NaN or Infinity). The following tests show that, so far, the last four values can be used to detect windows or Linux, and so far one Android major version (v5.*). I am fully expecting the first four value to betray other Android and macOS/macOS X. My testing is incomplete, but enough to prove os FP'ing

Child Tickets

Attachments (1)

math-cos.png (32.7 KB) - added by Thorin 10 months ago.
math cos results

Download all attachments as: .zip

Change History (7)

Changed 10 months ago by Thorin

Attachment: math-cos.png added

math cos results

comment:1 Changed 10 months ago by cypherpunks

comment:2 in reply to:  1 Changed 10 months ago by Thorin

Replying to cypherpunks:

#13018

Thanks :) Yup, that was the ticket. Wow, 4 years. That ticket is about the functions added in FF25+ - e.g like those in https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#math - which doesn't seem to differ in 60+ anyway (those FF25+ functions probably need more testing I guess)

Also note, that sin() can also have differences, I'm just not sure on which values over which platforms produce the desired results (and I could probably find more functions) - I'm sure the solution for this would fix any functions, so I'm not going to dig any further (except to show combos for mac and other android versions using cos)

Edit: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math#Browser_compatibility

  • cos, sin etc were FF version 1 compatible
Last edited 10 months ago by Thorin (previous) (diff)

comment:3 Changed 9 months ago by gk

Resolution: duplicate
Status: newclosed

Let's track this in #13018.

comment:4 Changed 9 months ago by Thorin

Did you want to reference this ticket to that one - or would you like me to post some info to that ticket (when I'm ready).

I have done more testing - i.e with relevant builds (TB8, ESR60, FF60-66). Been checking 32bit builds on 64bit platforms (windows) and 32bit builds on 32bit platforms (Linux, windows). And not just the cos values I have, but also the higher math functions. I haven't completed my data set, but there's some interesting developements

Please advise

EDIT: nvm, I was too hasty :) You already did it while I wrote this

Last edited 9 months ago by Thorin (previous) (diff)

comment:5 Changed 8 months ago by cypherpunks

nice find neat. please remember tbb android too

comment:6 Changed 8 months ago by Thorin

This is interesting: https://bugzilla.mozilla.org/show_bug.cgi?id=1380031 (FF68+)

Actual results:
2.718281828459045, 2.7182818284590455, false
Expected results:
2.718281828459045, 2.718281828459045, true

Note the extra decimal place. Now look at what I've been using for exmp1(1)

windows/mac/android
1.7182818284590455
linux TB32bit, 64bit, Firefox 32bit linux:
1.718281828459045

Note the extra decimal place and the exact same decimal data.

So I wonder if what they did changes all the FP'ing that leaks 64/32 builds and 64/32 OS architecture.

Will have a play on 68 later. This doesn't affect any of the ECMAScript 1st Edition FP'ing, but may neutralize the 6th Edition ones (I found only three equations that varied, the one above was one of them) - and both editions were required to get the extra entropy.

Will advise - watch this space

Note: See TracTickets for help on using tickets.