[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] TBB Memory Allocator choice fingerprint implications

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] TBB Memory Allocator choice fingerprint implications
From: Patrick Schleizer <patrick-mailinglists@xxxxxxxxxx>
Date: Mon, 19 Aug 2019 16:11:00 +0000
Cc: whonix-devel@xxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 19 Aug 2019 12:11:45 -0400
In-reply-to: <CA+cU71=PeZGCAJNsPQy9QpKY9=wz3vPdW8QKruF_ZwyanoyYzQ@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Openpgp: preference=signencrypt
References: <4a9a77d1-795a-2733-bafb-609aec3f5dfb@riseup.net> <CA+cU71=PeZGCAJNsPQy9QpKY9=wz3vPdW8QKruF_ZwyanoyYzQ@mail.gmail.com>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Btw Hardened Malloc does not require recompilation of TBB.

Compilation of Hardened Malloc is easy.

https://github.com/GrapheneOS/hardened_malloc

It then can be used with TBB or any application using LD_PRELOAD
environment variable.

LD_PRELOAD='/path/to/libhardened_malloc.so' /path/to/program

Just now created:
consider using Hardened Malloc for better security in TBB
https://trac.torproject.org/projects/tor/ticket/31440

Tom Ritter:
> On Sat, 17 Aug 2019 at 15:06, procmem@xxxxxxxxxx <procmem@xxxxxxxxxx> wrote:
>> Question for the Tor Browser experts. Do you know if it is possible to
>> remotely fingerprint the browser based on the memory allocator it is
>> using? (via JS or content rendering)
> 
> Fingerprint what aspect of the browser/machine?

Browser web fingerprinting. The fingerprint that remote websites can see.

Can web servers guess that a different memory allocator (Hardened
Malloc) is being used due to difference in performance or other glitches?

Cheers,
Patrick
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] TBB Memory Allocator choice fingerprint implications
  - From: procmem@xxxxxxxxxx
- Re: [tor-dev] TBB Memory Allocator choice fingerprint implications
  - From: Tom Ritter

Prev by Author: Re: [tor-dev] New Proposal 306: A Tor Implementation of IPv6 Happy Eyeballs
Next by Author: Re: [tor-dev] Putting onion services behind a third-party TCP proxy
Previous by thread: Re: [tor-dev] TBB Memory Allocator choice fingerprint implications
Next by thread: Re: [tor-dev] TBB Memory Allocator choice fingerprint implications
Index(es):
- Author
- Thread