[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #26607 [Applications/Tor Browser]: verify that subpixel accuracy of window scroll properties does not add fingerprinting risk

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #26607 [Applications/Tor Browser]: verify that subpixel accuracy of window scroll properties does not add fingerprinting risk
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 16 Apr 2019 21:56:48 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 16 Apr 2019 17:56:58 -0400
In-reply-to: <043.ec6f5692cf06d967e07f11be0948b545@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.ec6f5692cf06d967e07f11be0948b545@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#26607: verify that subpixel accuracy of window scroll properties does not add
fingerprinting risk
-------------------------------------------------+-------------------------
 Reporter:  mcs                                  |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-fingerprinting, ff60-esr,        |  Actual Points:
  TorBrowserTeam201904                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by acat):

 This is leaking the actual `window.devicePixelRatio` (always set to 1 with
 resistfingerprinting), which is 2 on retina and varies a bit on the
 Android devices I tested (2.77, 3). POC:
 https://acatarineu.github.io/fp/devicePixelRatio.html. In normal desktop
 screens it can be simulated by changing the zoom and refreshing the page.

 I think it's not exclusive of the scroll properties, the same subpixel
 values can be seen with `elem.getBoundingClientRect()` and probably
 others. I need to read more about the implementation to see what's the
 best way of fixing this.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26607#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #30021 [Core Tor/Tor]: Do not cache cipher list classification if cipher list is not yet available.
Next by Author: Re: [tor-bugs] #22809 [Applications/Tor Browser]: Tor Browser does not provide red security warning for downloading executable in HTTP
Previous by thread: Re: [tor-bugs] #26607 [Applications/Tor Browser]: verify that subpixel accuracy of window scroll properties does not add fingerprinting risk
Next by thread: Re: [tor-bugs] #26607 [Applications/Tor Browser]: verify that subpixel accuracy of window scroll properties does not add fingerprinting risk
Index(es):
- Author
- Thread