[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #9451 [Tor bundles/installation]: de-anonymisation by readable @font-face CSS attribute - TBB settings update (was: de-anonymisation by readable @font-face CSS attribute)

Subject: Re: [tor-bugs] #9451 [Tor bundles/installation]: de-anonymisation by readable @font-face CSS attribute - TBB settings update (was: de-anonymisation by readable @font-face CSS attribute)
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 07 Nov 2013 16:38:37 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 07 Nov 2013 11:38:09 -0500
In-reply-to: <051.af013e5b5f4f796988c0906f71f54bf2@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.af013e5b5f4f796988c0906f71f54bf2@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#9451: de-anonymisation by readable @font-face CSS attribute - TBB settings update
-------------------------------------+-------------------------------------
     Reporter:  cypherpunks          |      Owner:  erinn
         Type:  defect               |     Status:  reopened
     Priority:  normal               |  Milestone:  Tor: unspecified
    Component:  Tor                  |    Version:
  bundles/installation               |   Keywords:  de-anonymization, TBB,
   Resolution:                       |  font settings
Actual Points:                       |  Parent ID:
       Points:                       |
-------------------------------------+-------------------------------------
Changes (by cypherpunks):

 * status:  closed => reopened
 * cc: team@â (added)
 * priority:  critical => normal
 * milestone:   => Tor: unspecified
 * keywords:   => de-anonymization, TBB, font settings
 * resolution:  not a bug =>


Comment:

 In the latest build of the Tor Browser Bundle (3.0alpha1 as of November
 7th), it's unclear why Firefox is left configured to allow pages to choose
 their own fonts by default. In addition to undermining anonymity, allowing
 pages to ascertain font availability could be used to determine a user's
 likely operating system for browser exploit targeting.

 The setting can be found via the TBB
 Preferences-->Content-->Advanced-->"Allow pages to choose their own
 fonts.." checkbox.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9451#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #9975 [Flashproxy]: use argparse rather than getopt
Next by Author: Re: [tor-bugs] #9975 [Flashproxy]: use argparse rather than getopt
Previous by thread: Re: [tor-bugs] #10115 [EFF-HTTPS Everywhere]: Exception needed for http://downloads.mysql.com/archives.php
Next by thread: Re: [tor-bugs] #10013 [Website]: Better Reflect Existing Sponsorship Information on the Website
Index(es):
- Author
- Thread