[tbb-bugs] #31512 [Applications/Tor Browser]: Fingerprinting of Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Aug 26 09:27:05 UTC 2019 

#31512: Fingerprinting of Tor Browser
-------------------------------------+-------------------------------------
 Reporter:  thelamper                |          Owner:  tbb-team
     Type:  enhancement              |         Status:  new
 Priority:  Medium                   |      Component:  Applications/Tor
                                     |  Browser
  Version:  Tor: unspecified         |       Severity:  Major
 Keywords:  fingerprinting,          |  Actual Points:
  fingerprint, user-agent switcher   |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+-------------------------------------
 The official advice from the Tor Project is not alter any settings in the
 Tor Browser, like installing browser extensions, because this will make
 the individual browser less unique and more vulnerable to fingerprinting.
 But, as long as javascript is enabled, the individual Tor Browser seems to
 have a more or less unique fingerprint. Most people are probably aware of
 the panopticlick and amiunique fingerprinting tests, but there are also
 these two sites: (brax.me/geo/) and (tor.triop.se/) which assigns a unique
 identifying number to a user's tor browser that remains more or less
 constant, until javascript is disabled.

 My question-proposal is this. Since the Tor Browser (with javascript
 enabled) is not wholly resistant to fingerprinting, why not install a
 user-agent switcher or some other browser extension that can spoof details
 about the browser? Sure it will make the individual Tor Browser behave
 differently but is that such a bad thing when it can already be identified
 and potentially tracked across website visits?

 I have tested one user-agent switcher (gitlab.com/ntninja/user-agent-
 switcher) and it provides only partial protection - despite setting it to
 random mode, changing every minute, the same fingerprint codes appear from
 time to time
 Can anyone suggest a better user-agent switcher than this one?

 I don't know if this sub-topic has been addressed elsewhere in the forums,
 so you are welcome to link it to a pre-existing ticket.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31512>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list