[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #4810 [Firefox Patch Issues]: Weird screen sizes reported by Panopticlick
#4810: Weird screen sizes reported by Panopticlick
-------------------------------------+-------------------------------------
Reporter: erikd | Owner: mikeperry
Type: enhancement | Status: needs_revision
Priority: major | Milestone: TorBrowserBundle
Component: Firefox Patch | 2.3.x-stable
Issues | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-------------------------------------+-------------------------------------
Comment (by v3glvnCJK7NRg1kK):
Guys, this is ridiculous. This patch should have been applied '''two
years''' ago while the proper fix was discussed and implemented. Hell,
even forcing the TBB window to one static size and disallowing resizing is
more acceptable than leaving this for so long.
This might not be as serious an infoleak vulnerability as, say, enabling
Flash by default, but it is a serious infoleak vulnerability nonetheless.
Let's please do ''something'' about this now, rather than later.
With that said, both screen size and window size should be masked. For me,
the ideal solution is to only ever report, say, two sizes (depending on
the user's actual chosen window size) and automatically zoom the view to
compensate for the difference between reported and actual size. TBB
already presents some usability problems with plugins, etc.; screwing up
some sites' layouts and making them appear ugly is a small price to pay
for mitigating such an obvious de-anonymization vector.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4810#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs