[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] WebGL forbidden in NoScript but Flash is not?
What is tor doing about finger printing?
Is there a project to deal with that?
On Wed, May 8, 2013 at 12:13 AM, Joe Btfsplk <joebtfsplk@xxxxxxx> wrote:
>
> On 5/7/2013 5:27 PM, Moritz Bartl wrote:
>
>>
>> https://www.torproject.org/**projects/torbrowser/design/<https://www.torproject.org/projects/torbrowser/design/>
>>
>> "WebGL can reveal information about the video card in use, and high
>> precision timing information can be used to fingerprint the CPU and
>> interpreter speed."
>> [...]
>> The adversary simply renders WebGL, font, and named color data to a
>> Canvas element, extracts the image buffer, and computes a hash of that
>> image data. Subtle differences in the video card, font packs, and even
>> font and graphics library versions allow the adversary to produce a
>> stable, simple, high-entropy fingerprint of a computer. In fact, the
>> hash of the rendered image can be used almost identically to a tracking
>> cookie by the web server.
>> [...]
>> WebGL is fingerprintable both through information that is exposed about
>> the underlying driver and optimizations, as well as through performance
>> fingerprinting.
>>
>> Because of the large amount of potential fingerprinting vectors and the
>> previously unexposed vulnerability surface, we deploy a similar strategy
>> against WebGL as for plugins. "
>>
>> OK, thanks for detailed reply. Now that the "adversary" has a
> fingerprint of my machine (therein lies the problem - the data being given
> out), unless they're the gubment & I'm a bad guy (or living in a represses
> society), what are they going to do w/ that info? In the real world, not,
> "theoretically, they could..." Let's assume I haven't done anything that
> falls under criminal court jurisdiction & very unlikely anything even
> falling under civil court jurisdiction.
>
> This is good info to know. My wondering about another method of using a
> stand alone media player (not browser plugin) that plays Flash or WebGL
> content, & whether it avoids some of these issues, is in another post,
> today.
>
> ______________________________**_________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/**cgi-bin/mailman/listinfo/tor-**talk<https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>
>
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk