[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #17207 [Tor Browser]: Testing navigator.mimeTypes for known names can reveal info and increase fingerprinting risk
#17207: Testing navigator.mimeTypes for known names can reveal info and increase
fingerprinting risk
-------------------------------+----------------------------
Reporter: TemporaryNick | Owner: tbb-team
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: fingerprinting
Actual Points: | Parent ID:
Points: | Sponsor:
-------------------------------+----------------------------
Comment (by TemporaryNick):
I uploaded an example, which tests only the application types listed by
IANA. There are other types than can be checked and there are an unknown
number of types that aren't registered with IANA.
I think the issue is that when you check for a MIME Type in this way, the
browser checks with the OS to see whether the MIME Type has been
registered. Which MIME Types are registered depends on which application
software and/or drivers the user chose to install. My test results were
different on different Windows systems. I was, however, testing with a
more comprehensive list than that shown in the demonstration.
I think the place to start may be nsMimeTypeArray.cpp, and what happens
when you check for a named item. I found someone talking about this type
of issue and approaching it via GreaseMonkey script. They mentioned that
websites frequently test for some specific MIME Types, so simply blocking
named lookups may not be practical.
I don't know enough to tackle this issue.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17207#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs