Opened 17 months ago

Last modified 14 months ago

#7562 new defect

Toggling toolbars leads to reduced anonymity.

Reported by: malaparte Owned by: mikeperry
Priority: normal Milestone:
Component: TorBrowserButton Version:
Keywords: tbb-fingerprinting Cc: hack@…
Actual Points: Parent ID:
Points:

Description

If you visit panopticlick.eff.org from the TBB, you're roughly in an anonymity set of 1 in every 4000 users. Now turn off a toolbar in View>Toolbars and your fingerprint is unique or 1 in a million or so. Subsequent restarts of TBB do not toggle the toolbar back to default setting.

I suggest making toggling menu / navigation bars impossible in the TBB.

A scenario where this matters is a case when a user finds their anonymity compromised by accidentally toggling the menu bar off (like I did).

Child Tickets

Change History (4)

comment:1 follow-up: Changed 17 months ago by malaparte

I'm doing some googling to figure out how we can change this now, but I know almost nothing about Firefox.

comment:2 in reply to: ↑ 1 Changed 17 months ago by malaparte

Replying to malaparte:

I'm doing some googling to figure out how we can change this now, but I know almost nothing about Firefox.

I set up something to listen for file modifications and it seems that the file being modified is...

tor-browser_en-US/Data/profile/localstore.rdf

Version: 2.2.39-5 686 md5sum of the tarball 4109ccbcc43a2e644b1a11496fbc54ef

comment:3 Changed 17 months ago by mikeperry

  • Keywords tbb-fingerprinting added

I think this is the same root problem as #6146. See #7255 and #7256 for our best ideas for a solution so far.

However, if we don't make the zoom atomic or the prompt block the toolbar appearance, sites can still detect the resize in both CSS and JS.

This is a hard issue :/.

comment:4 Changed 14 months ago by malaparte_

  • Cc hack@… added
Note: See TracTickets for help on using tickets.