[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #20214 [Applications/Tor Browser]: Ultrasound Cross Device Tracking techniques could be used to launch deanonymization attacks against some users



#20214: Ultrasound Cross Device Tracking techniques could be used to launch
deanonymization attacks against some users
--------------------------------------+----------------------------------
 Reporter:  VasiliosMavroudis         |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:  Tor: unspecified
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+----------------------------------

Comment (by cypherpunks):

 1. Why wouldn't this work with audible sound? Audible sound ranges have
 been shown to be able to covertly issue voice commands to nearby mobile
 devices
 (https://www.georgetown.edu/sites/www/files/Hidden%20Voice%20Commands%20full%20paper.pdf).
 The core issue is not addressed by filtering out non-audible sound.

 2. If a user is presented with a choice to play the media file or not and
 if they *believe* that they want to play it, they will play it. The prompt
 would only serve as an annoyance that the user would learn to ignore. If
 your attack involves tricking a user to visit a website, tricking a user
 to view or allow the media on the website to play would not be
 significantly more difficult.

 3. The security slider at 'High' already makes video/audio content click-
 to-play, with the current exception of MediaSource video (see: #19200).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20214#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs