Re: [tor-bugs] #29348 [Applications/Tor Browser]: Add userChrome to Tor Browser to spoof scrollbars to reduce fingerprinting surface
#29348: Add userChrome to Tor Browser to spoof scrollbars to reduce fingerprinting surface
--------------------------------------+----------------------------------
Reporter: concerneduser | Owner: tbb-team
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version: Tor: unspecified
Severity: Normal | Resolution:
Keywords: scrollbar fingerprinting | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+----------------------------------
Comment (by Thorin):

The viewport will be standardized in
https://bugzilla.mozilla.org/show_bug.cgi?id=1407366 and you will not be
able to calculate the scrollbar width. I assume - i.e. I am not entirely
sure where the scrollbar ends up in this patch - against the edge of the
inner window, or in the viewport.

Also note #22137 exists.

Off-topic

> Tor reports different values for the useragent in the HTTP header
> (Windows) and the JS navigator obj (Linux). This is strange

Not at all. It's a compromise (see #26146 if you want a LONG read).
JS/navigator reveals 4 OSes (due to breakage), but HTTP Headers is limited
to 2 (to reduce entropy). Sites that provide functionality based on
OS/platform use JS naturally to detect that. But not all is lost, because
hopefully, when https://bugzilla.mozilla.org/show_bug.cgi?id=1519122
lands, the JS/navigator can be reduced back to 2 OSes.

> there are other fingerprinting vectors that can still give your OS away

Indeed. The fonts differ between Tor Browser bundles. See
https://ghacksuserjs.github.io/TorZillaPrint/TorZillaPrint.html#useragent
- the `[css] os` result.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29348#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online