Re: [tor-bugs] #13021 [Tor Browser]: Review Canvas APIs for fingerprintability

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#13021: Review Canvas APIs for fingerprintability
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  brade
  mikeperry              |     Status:  assigned
         Type:  task     |  Milestone:
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  ff31-esr, tbb-fingerprinting,
  Browser                |  TorBrowserTeam201409
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by gacar):

 Cool, seems all Canvas API methods are in a competition to be the most
 fingerprintable!

 I got matching results with you, i.e. my FF 32 matched your FF 31, my Tor
 Browser matched yours.

 I think this may get really scary if we observe different fingerprints for
 the same TBB  version on different machines (with the same OSes).

 Until seeing that, I will believe that Tor Browser is ok with this attack.
 Since the diversity should be due to the drawing target (cairo SW, common
 for TBB users) which does the transformation and boundary calculation:
 https://mxr.mozilla.org/mozilla-
 esr31/source/content/canvas/src/CanvasRenderingContext2D.cpp#898
 https://mxr.mozilla.org/mozilla-
 esr31/source/content/canvas/src/CanvasRenderingContext2D.cpp#3110

 Being said that, I think that really worth testing!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13021#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs