Opened 3 months ago

Last modified 3 months ago

#30287 new defect

Tracking users with any asset

Reported by: cyberpunks Owned by: tbb-team
Priority: Very High Milestone:
Component: Applications/Tor Browser Version:
Severity: Critical Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

https://github.com/wybiral/tracker
https://wybiral.github.io/code-art/projects/tiny-mirror/

POC tracks users with javascript disabled such as duration a tab with website is open.

Tor Browser should defend against this and probably also needs to be reported or fixed upstream to Firefox.

Child Tickets

Change History (2)

comment:1 Changed 3 months ago by cyberpunks

Other ways to track included too check link.

comment:2 Changed 3 months ago by tom

There are lots of ways this could be accomplished, like loading images as they come into view on a page while scrolling, or trickling bytes back to the client for a subresource. This does not strike me as a defensible barrier to try to secure.

Note: See TracTickets for help on using tickets.