[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #25451 [- Select a component]: Tor window size leaks information
#25451: Tor window size leaks information
--------------------------------------+--------------------
Reporter: cypherpunks | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone:
Component: - Select a component | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------+--------------------
Tor's default browser size is too small and resizing can leak information,
because resizing to a common internal window size is difficult. The window
size quantizing that tor browser does/used to do (I can't get it to work
in this latest version, 7.0.7) was never very good anyway, and typically
resulting in fairly unique fingerprints as per EFF panopticlick.
A workaround is to somehow get the internal window size (the size of the
content window, sans toolbars and etc), and make it a common monitor
resolution by resizing the window to that size + the size of the toolbars,
for example I have been using:
{{{
until xdotool search --name "About Tor - Tor Browser" windowsize 1920 1183
; do
sleep 0.5;
done
}}}
on tor browser startup which gives me an internal window size of
1920x1080, which panopticlick says has only 2.44 bits of identifying
information (1/5 browsers share this value, supposedly).
However, this is fragile, and minuscule changes to font rendering settings
that change font sizes by so much as a pixel can completely throw this off
and result in an extremely unique browser fingerprint.
I can think of a few ways this might be solved, some of which may work in
combination with each other:
* Have a setting in Tor Browser for a fixed content window size, which
will resize the whole window to fit
* Have some kind of prompt for the user to choose between common browser
content window sizes (is there information anywhere on which sizes are the
most common?)
* Default to the largest common browser window size, and on resize snap
the window size to other common browser content window resolutions
Most of these involve knowing ahead of time which browser content window
sizes are common however, which I couldn't find online.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25451>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs