Opened 2 weeks ago

Last modified 2 weeks ago

#32875 new defect

alpha vs stable branding entropy

Reported by: Thorin Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-fingerprinting
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Since 8.5a7 (Jan 30th 2019) and 9.0a1+ (Mar 21 2019), TB alpha builds got a different chrome://branding/content/about-wordmark.svg - one that says "nightly"

This file can be read and measured: easily distinguishing alpha from stable users

Note: there will always be easy entropy between major ESR versions (such as feature detection changes e.g. between ESR60 vs ESR68).

This is about the (much longer?) periods where alpha and stable are on the same ESR base - like right now. While there will possibly be *some* changes between these, FP'ers would have to work hard and keep up to date: and not all would necessarily be FP'able. Whereas this method (measuring a contentaccessible resource) means no upkeep and 100% reliable.

Whether or not TB stays on ESR cycles or moves to 4-weekly cycles has an impact.

For TB alpha users (I assume a small percentage and thus the entropy would be very high), it would be nice to lock this off.

I'm not even sure where this is used, if at all: I don't see it displayed anywhere (it's not in about:tor or Help>About Tor Browser). I'm sure there was a reason it was changed, I just don't know that reason. Would limiting this particular branding to system principal content work?

PoC
You can see it in action at https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#useragent

The svg is displayed under [css] branding and the js determination and measurements are under [resource://] browser

I'll post a pic and leave it up to you guys

Child Tickets

Attachments (1)

branding.png (28.6 KB) - added by Thorin 2 weeks ago.
stable 9.02 on top, alpha 9.5a3 on bottom

Download all attachments as: .zip

Change History (2)

Changed 2 weeks ago by Thorin

Attachment: branding.png added

stable 9.02 on top, alpha 9.5a3 on bottom

comment:1 Changed 2 weeks ago by Thorin

Priority: LowMedium
Note: See TracTickets for help on using tickets.