[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Browserprint fingerprinting website



On 2016-06-06 08:41, Nurmi, Juha wrote:
Hi,

On Mon, Jun 6, 2016 at 2:47 PM, <cube@xxxxxxxxxxxxxxxxx> wrote:

Hello, I'm the creator of a new fingerprinting website,
https://browserprint.info
Think Panopticlick but with a lot more tests.
Many of the tests are even designed specifically to catch the Tor browser bundle out, for instance the Math/Tan function returns a different value based on what your underlying operating system is, so it's easy to detect
when a browser is lying in their user-agent string.


This is clever! I didn't know about this. I see that 64bit Linux machine it produces the value -1.4214488238747245 and on windows -4.987183803371025.

TorBrowser should not let you to detect the operation system.


I would greatly appreciate if you visit the site and fingerprint
yourselves since it will help me refine the techniques and improve the site.


We will visit your site. Interesting work.


I'm adding more tests every week and if you have any ideas or suggestions
I'd love to hear them.


Thanks!

Best,
Juha
This is very interesting. It's worth looking into whether Tor Browser should disable these types of behaviors (since it could identify the user's OS). It'll take time but I think updates to stop the fingerprinting techniques in the mentioned website are possible.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk