[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #31512 [Applications/Tor Browser]: Fingerprinting of Tor Browser
#31512: Fingerprinting of Tor Browser
--------------------------------------+--------------------------
Reporter: thelamper | Owner: tbb-team
Type: enhancement | Status: closed
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Major | Resolution: invalid
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by Thorin):
Replying to [comment:4 tom]:
> https://tor.triop.se/ identifies the version of Tor Browser used (and
sometimes OS). It doesn't identify users uniquely. If anything, it
confirms that we're doing a pretty good job that someone smart poked at
this and this was the best they could do.
https://github.com/jonaslejon/tor-fingerprint/blob/master/tor-
fingerprint.js : I've looked at this code in the past, several times
On both Windows 7 and Linux Mint, it does not detect (for me) Tor Browser
(8.5.4), or the version, or even the major OS.
The fingerprint does change though, so there is entropy in that: I'll re-
look at it if you want.
- my Linux Mint (VM): Fingerprint: `-1609407044`, `-950496277`
- my Win7 (bare metal): Fingerprint: `427398366`, `278677235`
---
Detecting Tor Browser: that's actually already trivial: but all TB's are
the same in this metric. It's actually already trivial and 100% reliable
to detect this via other methods.
Detecting version: Tor Browsers should be up-to-date and should all report
the same on this metric (major version e.g 8 or 9: or if based on ESR60 or
68 etc). It's actually already trivial and 100% reliable to detect this
via other methods.
Detecting OS: It's actually already trivial and 100% reliable to detect
this via other methods. And right now, the JS navigator will actually tell
you (for now: that may change: why give away free entropy when we don't
have to). It's almost impossible to hide your major OS.
The only other thing of interest here might be detecting Tails. Or if
you're using a VM (which I have a PoC for: but won't be sharing in here)
--
I'll have a look at the other one later
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31512#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs