[tbb-bugs] #17207 [Tor Browser]: Testing navigator.mimeTypes for known names can reveal info and increase fingerprinting risk
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Oct 2 19:19:25 UTC 2015
#17207: Testing navigator.mimeTypes for known names can reveal info and increase
fingerprinting risk
-------------------------------+----------------------------
Reporter: TemporaryNick | Owner: tbb-team
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: fingerprinting
Actual Points: | Parent ID:
Points: | Sponsor:
-------------------------------+----------------------------
Comment (by TemporaryNick):
I uploaded an example, which tests only the application types listed by
IANA. There are other types that can be checked and there are an unknown
number of types that aren't registered with IANA.
I think the issue is that when you check for a MIME Type in this way, the
browser checks with the OS to see whether the MIME Type has been
registered. Which MIME Types are registered depends on which application
software and/or drivers the user chose to install. My test results were
different on different Windows systems. I was, however, testing with a
more comprehensive list than that shown in the demonstration.
I think the place to start may be nsMimeTypeArray.cpp, and what happens
when you check for a named item. I found someone talking about this type
of issue and approaching it via GreaseMonkey script. They mentioned that
websites frequently test for some specific MIME Types, so simply blocking
named lookups may not be practical.
I don't know enough to tackle this issue.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17207#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
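
An added example, not part of the ticket and not Tor Browser code: a sketch of the trade-off the comment raises, where named lookups are answered from one fixed table instead of being blocked outright, so commonly tested types still resolve while installed software stops influencing the result. The mock lookup, the table contents and all function names are assumptions made for illustration.

```javascript
// Constructed stand-in for the behaviour described in the ticket: enumeration
// shows nothing, but a named lookup resolves if the OS has the type registered.
function makeOsBackedMimeTypes(registered) {
  return new Proxy([], {
    get(target, prop, recv) {
      if (typeof prop === "string" && registered.has(prop)) return { type: prop };
      return Reflect.get(target, prop, recv);
    },
    has(target, prop) {
      return (typeof prop === "string" && registered.has(prop)) || Reflect.has(target, prop);
    },
  });
}

// Hypothetical fixed table: the same answers for every user, whatever is installed.
const UNIFORM_TYPES = new Map([["application/pdf", { type: "application/pdf" }]]);

// Hypothetical mitigation: anything that looks like a MIME type name ("a/b") is
// answered from UNIFORM_TYPES only; index and length access pass through.
function hardenMimeTypes(inner) {
  const isTypeName = (p) => typeof p === "string" && p.includes("/");
  return new Proxy(inner, {
    get(target, prop, recv) {
      if (isTypeName(prop)) return UNIFORM_TYPES.get(prop); // undefined when off-list
      return Reflect.get(target, prop, recv);
    },
    has(target, prop) {
      if (isTypeName(prop)) return UNIFORM_TYPES.has(prop);
      return Reflect.has(target, prop);
    },
  });
}

// Regression check for the mitigation: which of the given names resolve.
// Two machines must produce the same string once hardened.
function namedLookupProfile(mimeTypes, names) {
  return names.filter((n) => mimeTypes[n] !== undefined).join(",");
}

// Constructed sample data: two machines with different registered types.
const SAMPLE_NAMES = ["application/pdf", "application/x-constructed-a", "application/x-constructed-b"];
const machineA = makeOsBackedMimeTypes(new Set(["application/pdf", "application/x-constructed-a"]));
const machineB = makeOsBackedMimeTypes(new Set(["application/x-constructed-b"]));

console.log("unhardened:", namedLookupProfile(machineA, SAMPLE_NAMES), "|", namedLookupProfile(machineB, SAMPLE_NAMES));
console.log("hardened:  ", namedLookupProfile(hardenMimeTypes(machineA), SAMPLE_NAMES), "|",
  namedLookupProfile(hardenMimeTypes(machineB), SAMPLE_NAMES));
```

The cost of the uniform table is that a site may be told a type is handled on a machine where it is not, which is the practicality concern the comment mentions in the other direction.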