[tor-bugs] #17207 [Tor Browser]: Testing navigator.mimeTypes for known names can reveal info and increase fingerprinting risk

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#17207: Testing navigator.mimeTypes for known names can reveal info and increase
fingerprinting risk
----------------------------+--------------------------
 Reporter:  TemporaryNick   |          Owner:  tbb-team
     Type:  defect          |         Status:  new
 Priority:  normal          |      Milestone:
Component:  Tor Browser     |        Version:
 Keywords:  fingerprinting  |  Actual Points:
Parent ID:                  |         Points:
  Sponsor:                  |
----------------------------+--------------------------
 I gathered a list of MIME Types from IANA and other sources.  Then
 explicitly used each type to check if navigator.mimeTypes[type] ===
 undefined.  I found that I could detect quite a few MIME Types in this
 way.  Including some types that are related to specific application
 programs and/or peripheral devices.

 I maxed the security slider, which disabled Javascript by default and
 broke the test script.  However, after I whitelisted the test script I was
 able to achieve the same results.

 I was testing Tor Browser 5.0.3 for Windows.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17207>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs