[tbb-bugs] #28372 [Applications/Tor Browser]: determine if onvisibilitychange is a fingerprinting vector
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Nov 9 17:13:40 UTC 2018
#28372: determine if onvisibilitychange is a fingerprinting vector
-----------------------------------------+--------------------------
Reporter: mcs | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-fingerprinting,ff60-esr | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------------------+--------------------------
Comment (by tom):
Probably best to disable it... It's not a super important API, should
degrade just fine. A website could determine:
- If it was loaded as a prerender client hint (although we probably also
disable that)
- If the user has backgrounded the tab, minimized the window, their
screensaver has gone off, screen locked, etc.
There's not a lot to learn from these which might be an argument to leave
it alone, but if I wanted to put on my really creative hat, maybe a
website could learn that a user's screensaver turns on after X minutes of
inactivity?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28372#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list