[tbb-bugs] #22632 [Applications/Tor Browser]: The scrollbar in TBB is enabled and disabled based on a setting in macOS system preferences
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jun 19 14:10:46 UTC 2017
#22632: The scrollbar in TBB is enabled and disabled based on a setting in macOS
system preferences
--------------------------------------+--------------------------
Reporter: Dbryrtfbcbhgf | Owner: tbb-team
Type: defect | Status: reopened
Priority: Low | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Minor | Resolution:
Keywords: tbb-fingerprinting | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by cypherpunks):
Is there any evidence of such fingerprinting or a known way that js can be
used to detect the status of the scrollbar? I am 99% certain without
javascript it is impossible. Unless there is anything here beyond mouse
tracking with javascript, which already has a ticket, shouldn't there be
some evidence brought forward?
I know this really should be in another ticket, but I don't like adding
duplicate or unnecessary ones (there are enough already) - does anyone
know if ClientRects fingerprinting has been examined in TorBrowser?
https://browserleaks.com/rects .
Imho though, if you let the tens of thousands of lines of js code (e.g.
https://www.youtube.com/yts/jsbin/www-en_US-vflBNfd5x/base.js)
(https://www.youtube.com/yts/jsbin/player-vfle90bgw/en_US/base.js) that
most mainstream sites include run, as I said, it is practically impossible
to stop some form of fingerprinting. The only way this will improve is if
more real-world analysis of javascript tracking is done - examining which
APIs are used, to RE obfuscated code.
Either the DOM/ECMAScript are changed fundamentally and browser developers
stop adding new unnecessary APIs every other day, emphasize
security/privacy, document preferences properly, encourage control and
encourage web developers to follow the principles of progressive
enhancement.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22632#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list