[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] WebGL forbidden in NoScript but Flash is not?
What is tor doing about finger printing?
Is there a project to deal with that?
On Wed, May 8, 2013 at 12:13 AM, Joe Btfsplk <joebtfsplk@xxxxxxx> wrote:
> On 5/7/2013 5:27 PM, Moritz Bartl wrote:
>> "WebGL can reveal information about the video card in use, and high
>> precision timing information can be used to fingerprint the CPU and
>> interpreter speed."
>> The adversary simply renders WebGL, font, and named color data to a
>> Canvas element, extracts the image buffer, and computes a hash of that
>> image data. Subtle differences in the video card, font packs, and even
>> font and graphics library versions allow the adversary to produce a
>> stable, simple, high-entropy fingerprint of a computer. In fact, the
>> hash of the rendered image can be used almost identically to a tracking
>> cookie by the web server.
>> WebGL is fingerprintable both through information that is exposed about
>> the underlying driver and optimizations, as well as through performance
>> Because of the large amount of potential fingerprinting vectors and the
>> previously unexposed vulnerability surface, we deploy a similar strategy
>> against WebGL as for plugins. "
>> OK, thanks for detailed reply. Now that the "adversary" has a
> fingerprint of my machine (therein lies the problem - the data being given
> out), unless they're the gubment & I'm a bad guy (or living in a represses
> society), what are they going to do w/ that info? In the real world, not,
> "theoretically, they could..." Let's assume I haven't done anything that
> falls under criminal court jurisdiction & very unlikely anything even
> falling under civil court jurisdiction.
> This is good info to know. My wondering about another method of using a
> stand alone media player (not browser plugin) that plays Flash or WebGL
> content, & whether it avoids some of these issues, is in another post,
> tor-talk mailing list
tor-talk mailing list